Cannot connect to ftfp on Alma 9.3

techietubby · February 6, 2024, 1:07pm

I have installed a new AlmaLinux 9.3 VM to use to provision new VMs on a Proxmox hypervisor. I have installed dhcp-server, tftp-server, httpd, and vsftpd and have followed several online guides in order to configure it as a PXE server.
Everything seems work as expected except ftfp. I can connect as tftp 127.0.0.1 and get my files however when I try to connect via my IP address it starts but all transfers fail


[kickstart html]# netstat -antup | grep 69
udp6       0      0 :::69                   :::*                                1/systemd
[kickstart html]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens18
  sources:
  services: cockpit dhcp dhcpv6-client ftp http https ssh tftp
  ports: 10021-10031/tcp 80/tcp 67/udp 68/udp 546/udp 547/udp 69/udp 69/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[kickstart html]# systemctl status -l dhcpd tftp
● dhcpd.service - DHCPv4 Server Daemon
     Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-02-06 10:07:49 CET; 3h 48min ago
       Docs: man:dhcpd(8)
             man:dhcpd.conf(5)
   Main PID: 50070 (dhcpd)
     Status: "Dispatching packets..."
      Tasks: 1 (limit: 23090)
     Memory: 4.6M
        CPU: 237ms
     CGroup: /system.slice/dhcpd.service
             └─50070 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

Feb 06 10:08:13 kickstart.test.com dhcpd[50070]: DHCPACK on 10.15.231.172 to 02:00:00:22:76:f2 via ens18
Feb 06 10:15:36 kickstart.test.com dhcpd[50070]: reuse_lease: lease age 9333 (secs) under 25% threshold, reply with unalte>
Feb 06 10:15:36 kickstart.test.com dhcpd[50070]: DHCPDISCOVER from 02:00:00:22:76:f2 via ens18
Feb 06 10:15:36 kickstart.cloudboxservices.com dhcpd[50070]: DHCPOFFER on 10.15.231.172 to 02:00:00:22:76:f2 via ens18
Feb 06 10:15:37 kickstart.test.com dhcpd[50070]: reuse_lease: lease age 9334 (secs) under 25% threshold, reply with unalte>
Feb 06 10:15:37 kickstart.test.com dhcpd[50070]: DHCPDISCOVER from 02:00:00:22:76:f2 via ens18
Feb 06 10:15:37 kickstart.test.com dhcpd[50070]: DHCPOFFER on 10.15.231.172 to 02:00:00:22:76:f2 via ens18
Feb 06 10:15:39 kickstart.test.com dhcpd[50070]: reuse_lease: lease age 9336 (secs) under 25% threshold, reply with unalte>
Feb 06 10:15:39 kickstart.test.com dhcpd[50070]: DHCPREQUEST for 10.15.231.172 (10.15.231.175) from 02:00:00:22:76:f2 vi>
Feb 06 10:15:39 kickstart.test.com dhcpd[50070]: DHCPACK on 10.15.231.172 to 02:00:00:22:76:f2 via ens18

○ tftp.service - Tftp Server
     Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; preset: disabled)
     Active: inactive (dead) since Tue 2024-02-06 12:24:20 CET; 1h 32min ago
   Duration: 15min 97ms
TriggeredBy: ● tftp.socket
       Docs: man:in.tftpd
    Process: 55231 ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot (code=exited, status=0/SUCCESS)
   Main PID: 55231 (code=exited, status=0/SUCCESS)
        CPU: 6ms

Feb 06 12:09:20 kickstart.test.com systemd[1]: Started Tftp Server.
Feb 06 12:24:20 kickstart.test.com systemd[1]: tftp.service: Deactivated successfully.
lines 1-36/36 (END)

[kickstart html]# tftp 10.15.231.172
tftp> get tftpboot/pxelinux.0

Transfer timed out.

tftp>

[kickstart html]# tftp 127.0.0.1
tftp> get tftpboot/pxelinux.0
tftp> quit
[kickstart html]# ll pxelinux.0
-rw-r--r--. 1 root root 42686 Feb  6 14:01 pxelinux.0

I have tried stopping the firewall and disabling SELinux but nothing helps. Does anyone have any ideas?

jlehtone · February 6, 2024, 1:38pm

I used to use dhcp server, bind, and tftp-server, but have shifted to dnsmasq that is DNS, DHCP, and TFTP server in one package and process. Alas, it has different, “simpler”, config.

These days I do ask “Which processes do listen?” with:

sudo ss -tulpn

However, your netstat shows only IPv6 for port udp/69, no IPv4 and you show
that your tftp-server service is dead.
Why did it stop 15 minutes from start?
sudo journalctl -xu tftp.service is not likely to show much.
Where does it write logs? Directly to some files?

techietubby · February 6, 2024, 2:06pm

Hi,
Thanks for the reply. I am currently building an 8.9 VM to see if tftp works there as there is something very strange with networking as SSH back to the same host also gives weird problems.
I will let you know how it goes.
Thanks,
Andrew

techietubby · February 6, 2024, 2:48pm

I have now got much further after I realised I had made a mistake with the IP/MAC configuration. Now I get “Cannot load ldlinux.c32” so it’s going further. I shall let you know.

techietubby · February 7, 2024, 10:42am

I decided to start again with a blank Alma 8.7 VM with Dnsmasq and now have it working. The biggest problem is that there does not seem to be a single clear article where everything is clearly explained, thus I had to do a lot of experimenting.

The biggest issue is that I was originally using the classic TFTP socket from systemctl and this just does not work with dnsmasq. Once you completely disable this and enable tftp from within dnsmasq you can make progress:

# grep -Ev "^$|#" /etc/dnsmasq.conf
domain-needed
bogus-priv
strict-order
server=/test.com/8.8.8.8
user=dnsmasq
group=dnsmasq
interface=ens18
expand-hosts
domain=test.com,10.19.231.172/24
dhcp-range=10.95.231.172,10.19.231.174,255.255.240.0,12h
dhcp-boot=pxelinux.0
enable-tftp
tftp-root=/var/lib/tftpboot
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

I also had to copy these files:

cp /var/lib/tftpboot/pxelinux.cfg/default /var/lib/tftpboot/pxelinux.cfg/01-02-0f-00-22-66-f1
cp /var/pxe/almalinux-8.9/isolinux/vmlinuz /var/lib/tftpboot/
cp /var/pxe/almalinux-8.9/isolinux/vmlinuz /var/lib/tftpboot/almalinux-8.9/vmlinuz
cp /var/pxe/almalinux-8.9/isolinux/initrd.img /var/lib/tftpboot/almalinux-8.9/

And restart dnsmasq, then it works.

My next challenge is to make the build load a kickstart file.

Thanks for your advice.