firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -table mangle

Firewalld on the client I was testing with got screwed up.

Loaded: loaded (/usr/lib/systemd/system/rvice enabled vendor preset: enabled)
Active: inactive (dead) since Tue 20:19:32 GMT 6s ago

Connected to 192.168.1.223 (192.168.1.223), port 69

rvice - firewalld - dynamic firewall daemon.

So client side:

$ sudo systemctl stop firewalld

Of course, you don’t usually run the TFTP client – that’s a Cisco device or appliance doing a backup, or it’s your PXE client.

Otherwise, you’ve got incoming data from an unexpected source. Here we have a hand off between daemons on the server side, perhaps there’s some oddness with ports, and the *client* firewall has to keep track of it.

I don’t know tftp that well, but I do know that FTP traffic is a bit odd and involves two sessions, and firewalls have to cope with that.

It reads the file, tries to pass the data to the client, loses the client.

write(1, "n", 1) = -1 EBADF (Bad file descriptor)

Puppet code, using crayfishx/firewalld, and the firewall-cmd fix for this follows.

bin/firewall-cmd --permanent --zone public --add-service tftp-client

Obviously, I’m assuming you’ve got firewalld turned on, otherwise you wouldn’t be here.

The quick bit is: if you want to run the TFTP client on, say, RHEL7, you need to enable a service in firewalld on the client. The rest of this blog post will elaborate on what happens if you don’t do this.

Part 2 – the tftp client requires firewalld changes as well (this blog post).
Part 1 – running tftp server non root (xinetd).
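The port hand-off described above can be reproduced on loopback. This is an added example, not code from the original post: a constructed toy server answers one read request from a new ephemeral port, as RFC 1350 specifies for TFTP, and client_firewall_accepts is a hypothetical, simplified model of a stateful client filter with and without a TFTP connection-tracking helper.

```python
import socket, struct, threading

RRQ, DATA = 1, 3  # TFTP opcodes from RFC 1350

def serve_one(listener, payload):
    """Toy server: take one RRQ on the listening port, answer from a NEW socket."""
    req, client = listener.recvfrom(516)
    if struct.unpack("!H", req[:2])[0] != RRQ:
        return
    xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    xfer.bind(("127.0.0.1", 0))  # fresh ephemeral port: the server's transfer ID
    xfer.sendto(struct.pack("!HH", DATA, 1) + payload, client)
    xfer.close()

def fetch(filename=b"constructed.cfg", payload=b"hello"):
    """Send one RRQ; return (port contacted, port the DATA came from, data)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))  # stands in for UDP/69 (unprivileged here)
    contacted = listener.getsockname()
    server = threading.Thread(target=serve_one, args=(listener, payload))
    server.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    client.sendto(struct.pack("!H", RRQ) + filename + b"\0octet\0", contacted)
    packet, source = client.recvfrom(516)
    server.join()
    client.close()
    listener.close()
    return contacted[1], source[1], packet[4:]

def client_firewall_accepts(contacted, reply_src, tftp_helper):
    """Simplified model (an assumption, not firewalld code) of one outbound UDP flow.

    Without a helper only the exact (host, port) that was contacted is a known
    peer. With a TFTP helper, a reply from the same host on any port is treated
    as related to the request.
    """
    if reply_src == contacted:
        return True
    return bool(tftp_helper) and reply_src[0] == contacted[0]

if __name__ == "__main__":
    port, reply_port, data = fetch()
    print(f"request sent to port {port}, DATA arrived from port {reply_port}")
    for helper in (False, True):
        ok = client_firewall_accepts(("127.0.0.1", port), ("127.0.0.1", reply_port), helper)
        print(f"helper={helper}: reply {'accepted' if ok else 'dropped'}")
```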