TFTP package only works through the GUI
-
I have installed only this one package and while I can upload and download files using the web interface, external clients can do neither. I'd like to be able to push my switch configs to this server but also deploy ip phone config files.
pfsense 2.3.3 (amd64)
tftp package version 0.1.3_1
Data and Voice VLANS on the physical interface. I have been using the Data VLAN to test.
WinAgents ftp client version 2.0bI can confirm the server is listening on all local addresses using port 69
netstat -a | grep tftp udp4 0 0 *.tftp *.*To confirm requests are not being blocked, I configured an allow rule on the Data VLAN interface (named 'LAN') to log traffic.
<green check="">May 4 15:52:15 LAN 172.31.X.Y:53476 172.31.X.Z:69 UDP</green>Client just times out. Default block size is 512 bytes. Target text file is 2KB.
>tftp 172.31.X.Z get testfile WinAgents TFTP Client version 2.0b Copyright (c) 2004-2011 by Tandem Systems, Ltd. http://www.winagents.com - Software for network administrators Transfering file testfile from server in ascii mode... Transferring data from 172.31.X.Z... Error occurred during the file transfer (Error code = 0): Timeout expired. Retries expired.If the excellent community has any thoughts, I'd love to hear them.
-
My windows firewall was the culprit :-[ because udp is like that and after disabling, I could successfully download testfile with my WinAgents client. Uploading still didn't work, however, which is what brought me down this path in the first place but that was a simple matter of file permissions which I changed through the command line. I understand the risks and am using rules to restrict access to this server.
My suggestions for improving this package:
[list type=decimal]- Transaction logging. Not sure if –verbosity will do it. If I could see that my get request was being fulfilled, it would have pointed me in the right direction. Besides, it's nice to know who's accessing my files.
- Add a checkbox to enable file creation via –create option
- Add a checkbox to enable file writing without creation enabled via –umask option
I can understand why these options were omitted but still, they'd be nice to have.
Thank you, Doctor, for all your work.
-
Hey @pffan,
Could you please provide more details on which R/W file permission you did change ?
Thanks,
N -
@pffan said in TFTP package only works through the GUI:
My windows firewall was the culprit :-[ because udp is like that and after disabling, I could successfully download testfile with my WinAgents client. Uploading still didn't work, however, which is what brought me down this path in the first place but that was a simple matter of file permissions which I changed through the command line. I understand the risks and am using rules to restrict access to this server.
My suggestions for improving this package:
[list type=decimal]- Transaction logging. Not sure if –verbosity will do it. If I could see that my get request was being fulfilled, it would have pointed me in the right direction. Besides, it's nice to know who's accessing my files.
- Add a checkbox to enable file creation via –create option
- Add a checkbox to enable file writing without creation enabled via –umask option
I can understand why these options were omitted but still, they'd be nice to have.
Thank you, Doctor, for all your work.
Feature request created: https://redmine.pfsense.org/issues/10893
-
The latest pkg improvements:
