Differences

This shows you the differences between two versions of the page.

docs:guide-user:troubleshooting:tftpserver [2020/11/01 15:31] – [On Windows] update download link bikepunk
docs:guide-user:troubleshooting:tftpserver [2024/04/28 17:45] – Logical restructuring and small fixes jalakas
Line 1: Line 1:
-====== Setting up a TFTP server for TFTP Recovery/Install ====== 
- 
 ===== What is TFTP Recovery over Ethernet? ===== ===== What is TFTP Recovery over Ethernet? =====
  
-On most devices, the vendor provided boot loader is a partition separated from the actual firmware. In case of a failed flash process or in case of a misconfiguration, the device's boot loader usually is still untouched and fully working. It the boot loader has a built-in "TFTP recovery mode", it enables to regain control of a device with a broken firmware partition, by allowing a recovery flash process (which will also reset your configuration to the device defaults)+On most devices, the vendor provides a boot loader on discreet partition that is untouched by firmware updates. In case of a failed flash process or in case of a misconfiguration, the device's boot loader usually remains untouched and can therefore be used to reflash the firmware and recover the device. 
 + 
 +There are two potential modes of operation: 
 + 
 +**1. TFTP recovery client**
  
-For many routers the recovery works by starting a TFTP server on your computer. Then device with the broken firmware has to be started up in TFTP recovery mode. Some devices then will pull the network-provided firmware file over TFTP network protocol to the OpenWrt and hopefully recover with a successful emergency flash process.+For many routersthe recovery process requires you to host the firmware image on a TFTP server on your computer. Then device with the broken firmware then has to be started up in TFTP recovery mode. Some devices then will automatically pull the network-provided firmware file over TFTP network protocol to the OpenWrt and hopefully recover with a successful emergency flash process.
  
-Some devices do not have automatic pull function and they need manual TFTP copy commands in recovery mode to get firmware from TFTP and firmware install.+Other devices do not have automatic pull function and they need you to manually TFTP copy commands in recovery mode to download the firmware via TFTP and initiative the install.
  
-NOTE: Some other routers, e.g. many Netgear routers, have TFTP server on themselves, and the PC needs to act as TFTP client. The "TFTP recovery mode" can also mean that, so look carefully at info about your router to find out which method your router possibly supports.+**2. TFTP recovery server**
  
-The below article mainly advises on the "TFTP client at router" recovery.+Some other routers, e.g. many Netgear routers, run a TFTP server in recovery mode, and you need to upload the firmware to the device using a TFTP client.
  
-===== Is TFTP recovery over Ethernet Supported by my Device? =====+The below article mainly advises on the first mode of recovery, i.e. the router runs a TFTP client and you need to host the firmware image on a TFTP server. 
 +\\ 
 +===== Is TFTP Recovery over Ethernet supported by my device? =====
  
 TFTP recovery over Ethernet is not supported by every router model. TFTP recovery is based on a device- and vendor-specific boot loader that may or may not be present on your device. Check the OpenWrt device page for your precise model to find out, if your device has a boot loader supporting TFTP recovery. If your device supports it, then this recovery function will still be present in your device boot loader, after OpenWrt firmware has been flashed onto the device. TFTP recovery over Ethernet is not supported by every router model. TFTP recovery is based on a device- and vendor-specific boot loader that may or may not be present on your device. Check the OpenWrt device page for your precise model to find out, if your device has a boot loader supporting TFTP recovery. If your device supports it, then this recovery function will still be present in your device boot loader, after OpenWrt firmware has been flashed onto the device.
  
 Note: Note:
-  * Your device boot loader could alternatively have implemented TFTP recovery over serial cable, which is not covered on this page. +● Your device boot loader could alternatively have implemented TFTP recovery over [[:docs:techref:hardware:port.serial.cables|serial cable]], which is not covered on this page. 
-  Your device could also have [[docs:guide-user:troubleshooting:vendor_specific_rescue|other means of recovery]].\\ +● Your device could also have [[docs:guide-user:troubleshooting:vendor_specific_rescue|other means of recovery]]. 
 +\\
 ===== Setting up TFTP Recovery/Install ===== ===== Setting up TFTP Recovery/Install =====
  
 The following procedure only describes how to set up a TFTP server over Ethernet for the TFTP recovery/install preparation process, it does not describe the device-specific flash recovery/install process. For the actual flash process you have to consult the vendor provided documentation, the Internet, the OpenWrt Forum or the OpenWrt device pages. The following procedure only describes how to set up a TFTP server over Ethernet for the TFTP recovery/install preparation process, it does not describe the device-specific flash recovery/install process. For the actual flash process you have to consult the vendor provided documentation, the Internet, the OpenWrt Forum or the OpenWrt device pages.
  
-  - Download the desired OpenWrt (or stock) firmware image to the designated TFTP directory on your computer.+  - Download the desired OpenWrt (or stock) firmware image to the designated TFTP directory on your computer (and rename it if needed).
   - Set the IP address of your computer's Ethernet interface as described in the Device Page for your model.   - Set the IP address of your computer's Ethernet interface as described in the Device Page for your model.
   - Start the TFTP server on your computer.   - Start the TFTP server on your computer.
-  - Power up the router and press a device-specific button to start firmware recovery over TFTP, +  - Connect your computer and your device with Ethernet cable. 
-  - or access boot loader recovery options and install recovery firmware over TFTP.+  - Power up the router and press a device-specific button to start firmware recovery over TFTP, or access boot loader recovery options and install recovery firmware over TFTP. 
 +  - Stop the TFTP server on your computer 
 +\\ 
 +==== Setting up a TFTP server for TFTP Recovery/Install ====
  
-===== Setting up TFTP Server =====+{{page>meta:infobox:tftp_warning&noheader&nofooter&noeditbtn}} 
 +Access to TFTP-client (''tftp'') and TFTP-server (''tftpd'') tool/app must be made secure, from //(primarily)// hackers in internet //(and TFTP-server & client both must also be kept securely isolated from harmful/ignorant internal users or from hijacked computers, inside your own LAN network)//. If necessary, create a separate subnet under a 2nd level router, then work / develop / troubleshoot under that separate subnet with network devices which will handle TFTP client/server protocols.
  
-==== On Mac OSX ====+If your computer is also used as a desktop computer for general purpose or for other purpose than build/compile, then make sure TFTP-client & TFTP-server, are both placed behind a firewall //(''frwl'')// system or rules<sup>[[https://unix.stackexchange.com/questions/99270/|1]], [[https://www.cyberciti.biz/faq/install-configure-tftp-server-ubuntu-debian-howto/|2]]</sup>. Firewall rules should be:
  
-macOS provides native tftpd server that runs the command lineThere are also GUI applications that are available for those that prefer them.+  * //(frwl rule # 1)// allow TFTP traffic (UDP 69) only when connections originate from local LAN ip.address range and also end in the local LAN ip.address range 
 +  * //(frwl rule # 2)// TFTP traffic is Not-Allowed when it is from/to ''127.0.0.1'' or ''lo'' 
 +  * //(frwl rule # 3)// TFTP traffic is Not-Allowed when originated from Internet-ip-address //(aka: NON private-LAN ip-address ranges)//
  
-=== Command-Line Native tftpd ===+And you must also make sure to do this: after your develop / troubleshooting etc work is done or when you pause to goto other work, then make sure the TFTP-server and TFTP-client both are completely disabled in your OS/distro : turn off TFTP-server service / process, disable TFTP-server startup script file, and **move** the TFTP-client (''tftp'') & the TFTP-server (''tftpd'') executable / binary //(''bin'')// files out of all folders mentioned in your PATH variable, into a different folder (which is NOT in the PATH variable), and also move bin files out of the folder which is mentioned in startup-script //(if such is used)//.
  
-For recent versions of macOS, the system-supplied ''tftpd'' is managed with ''launchctl''. Users should be comfortable with command-line usage and ''sudo'' to take this approachAs confirmed on macOS Sierra 10.12.6 and macOS Mojave 10.14.2, the general steps involved are+**<color #ed1c24>If you keep TFTP-server running or if you keep the TFTP-client tool available to run anytime, then abusive hackers can abuse/exploit it, to load harmful firmware and/or to change sensitive security settings inside your existing router firmware<sup>[[https://nvd.nist.gov/vuln/detail/CVE-2020-26130|1]], [[https://www.cvedetails.com/vulnerability-list.php?vendor_id=98&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=4|2]][[https://www.cvedetails.com/vulnerability-list/vendor_id-7940/Tftp-server.html|3]], [[https://www.cvedetails.com/vulnerability-list/vendor_id-1305/product_id-2282/Solarwinds-Tftp-Server.html|4]], [[https://www.cvedetails.com/vulnerability-list/vendor_id-16/product_id-1628/Cisco-Tftp-Server.html|5]], [[https://nvd.nist.gov/vuln/detail/CVE-2019-0603|6]]</sup>, etc.</color>** 
 +\\ \\ 
 +==== Setting up a TFTP server on macOS ====
  
-  * Configure your network interface for the proper server address for your deviceUsing System Preferences > Network is perhaps the easiest. +macOS provides a native tftpd server that runs the command lineHowever, it is not verified to work on recent versions (10.15.x). So alternative option-1 is: use ''dnsmasq'' instead. Alternative option-2 is: use MacPorts //(or other)// package-manager & obtain tftpd server & dnsmasq, more info is here: [[:docs:guide-developer:toolchain:buildroot.exigence.macosx|buildroot.exigence.macosx]]. There are also GUI //(frontend/wrapper)// applications //(for CLI based tftp, tftpd tools)// that are available for users who prefer such, //(in example: ''TftpServer**.**app'')//. There are also GUI based tftp & tftpd app, //(in example: ''PumpKIN**.**app'')//
-  Connect your device to the network interface +\\ \\ 
-  Start ''tftpd''+=== dnsmasq (on macOS): ===
  
-  $ sudo cp path/to/file/to/serve.bin /private/tftpboot/the_name_the_device_is_looking_for.bin +Dnsmasq can be installed easily via [[https://brew.sh|Homebrew]] or [[https://www.macports.org/|MacPorts]] and has the advantage of being able to offer a DHCP server if necessary.
-  $ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist+
  
-  * Confirm ''tfptd'' is running by looking for the UDP listener on port 69+● Launch it in this way (if you use Homebrew pkg-mngr): <code bash> $ sudo /usr/local/opt/dnsmasq/sbin/dnsmasq -i enX -p 0 -z --enable-tftp --tftp-root /tmp </code> 
 +● Launch it in this way (if you use MacPorts pkg-mngr): <code bash> $ sudo /opt/local/sbin/dnsmasq -i enX -p 0 -z --enable-tftp --tftp-root /tmp </code>
  
-  $ netstat -an | fgrep \*.69     +Replace ''enX'' with the interface identifier of your Ethernet adapter (use ''ifconfig'' to find it out) and ''/tmp'' to the directory containing the image you want to serveDon't forget to kill the process (e.gusing the ''Activity Monitor'') before you want to start a new instance of ''dnsmasq''
-  udp4            0  *.69                   *.*                               +\\ \\ 
 +=== macOS Command-Line Native tftpd: ===
  
 +For recent versions of macOS, the system-supplied ''tftpd'' is managed with ''launchctl''. Users should be comfortable with command-line usage and ''sudo'' to take this approach. As confirmed on macOS Sierra 10.12.6 and macOS Mojave 10.14.2, the general steps involved are
  
-  * Activate your device's recovery/TFTP mode +● Configure your network interface for the proper server address for your device. Using System Preferences > Network is perhaps the easiest. 
-  * When done with ''tftpd'', shut it down with +● Connect your device to the network interface. 
- +● Start ''tftpd'' <code bash>  
-  $ sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist +$ sudo cp path/to/file/to/serve.bin /private/tftpboot/the_name_the_device_is_looking_for.bin 
- +$ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist </code> 
-=== TFTPServer.app ===+● Confirm ''tfptd'' is running by looking for the UDP listener on port 69 <code bash>  
 +$ netstat -an | fgrep \*.69     
 +udp4            0  *.69                   *.*                               </code> 
 +● Activate your device's recovery/TFTP mode 
 +  * When done with ''tftpd'', shut it down with <code bash> $ sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist </code> 
 +\\ 
 +=== TftpServer.app (on macOS): ===
  
-As an example of a GUI-driven tftp server, TFTPServer.app from http://ww2.unime.it/flr/tftpserver/ provides a pleasant GUI wrapper around the native command that makes the process less error prone. This procedure was tested with TftpServer.app v 3.4.1 on OSX 10.10.5 in December 2016. +As an example of a GUI wrapper (aka: frontend) based TFTP server, the ''TftpServer**.**app'' from http://ww2.unime.it/flr/tftpserver/ provides a pleasant GUI frontend / wrapper around macOS native command that makes the process less error prone. Info from older site on usage of this app is [[https://web.archive.org/web/20200427215239/http://ww2.unime.it/flr/tftpserver/|here]]. 
 +  * This procedure was tested with ''TftpServer.app'' v 3.4.1 on OSX 10.10.5 in December 2016
 +  * The v3.4.1 ''TftpServer.dmg'' file has SHA256: eb71d62da9c0dd6cdf54d604e87083e1a4e7084f8da4bc4e8c196da19e012583 & size: 656,775 bytes, and the "TftpServer**.**app" has 731,378 bytes. DMG file contains APP file. We found mention of updated version v3.5.1 on author's older website via ''Internet Archive Wayback Machine'', obtained on April 27, 2020<sup>[[https://web.archive.org/web/20200427215239/http://ww2.unime.it/flr/tftpserver/|1]]</sup>
 +  * Author's contact info: //fabrizio.larosa.nospam**@**unime5**.**it// (//remove the ''.nospam'' portion & remove the ''5'', to get author's actual email address//) or //fab.larosa.spamnotallowed**@**gmail1**.**com// (//remove the ''.spamnotallowed'' portion & remove the ''1'', to get author's actual email address//).
  
-  - Download and install TftpServer.app from the URL above.+  - Download ''dmg'' file from the URL<sup>[[http://ww2.unime.it/flr/tftpserver/|1]]</sup> mentioned above, and install the ''TftpServer.app'' inside that ''dmg'' file. Do not download this app or dmg file from any untrustworthy websites. Do not download unknown version or "new" versions, that is not-shared or not-mentioned by actual author.
   - Move the application to a convenient directory.   - Move the application to a convenient directory.
   - In the same directory, create another folder named 'tftpfiles'. This is the 'designated TFTP directory'. //TftpServer.app and tftpfiles will be in the same directory.//   - In the same directory, create another folder named 'tftpfiles'. This is the 'designated TFTP directory'. //TftpServer.app and tftpfiles will be in the same directory.//
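Review bot: Both added macOS dnsmasq commands use `--tftp-root /tmp`, so a reader who copies them as written serves a shared, world-writable directory over an unauthenticated protocol; the sentence that follows only says to swap `/tmp` for the image directory, and only mentions killing the process before starting a new instance. Suggest putting a dedicated directory that holds just the image in the example itself, and adding an explicit "when done, stop dnsmasq" step so this section matches the new security text and the `launchctl unload` step in the native tftpd list. Minor wording in the same hunk: "discreet partition" should be "discrete", "initiative the install" should be "initiate", and the `tfptd` typo is carried over from the old revision.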
Line 71: Line 94:
   - Start your router and press the button. //The file will transfer.//   - Start your router and press the button. //The file will transfer.//
   - //Note:// TftpServer.app may give warnings about file permissions. Use the "Fix" buttons at the bottom of the window to set the permissions properly.   - //Note:// TftpServer.app may give warnings about file permissions. Use the "Fix" buttons at the bottom of the window to set the permissions properly.
-  - Click "Stop TFTP" or quit the application to stop the TFTP server. +  - Click "Stop TFTP" or quit the application to stop the TFTP server. 
 +  - Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. 
 +\\ 
 +=== PumpKIN.app (on macOS): ===
  
-==== On Windows ====+This app ''PumpKIN.app'' has GUI interface and also contains builtin TFTP server & client functionalities, it can be obtained from https://kin.klever.net/pumpkin/ website. [[https://kin.klever.net/pumpkin/binaries/|Dnld]], [[https://kin.klever.net/pumpkin/repository/|Src]], Tech description [[https://kin.klever.net/pumpkin/description/|here]], Help file [[https://kin.klever.net/pumpkin/help/|here]]. 
 +  * It is developed by Michael Krelin ( //hacker.nospam**@**klever5**.**net// , //remove the ''.nospam'' portion & remove the ''5'', to get author's actual contact info// ). 
 +  * The ''pumpkin-0.0.1-osx.dmg'' file has SHA256: 0f857db4ae91907946cfc050f72a17714524d3380fb1e8bc8cb25acfd5f83a67 & size: 796,711 bytes, and the ''PumpKIN.app'' size: 876,994 bytes. 
 +  * Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. 
 +\\ 
 +=== Tools/Pkgs via Pkg-Mngr (on macOS): ===
  
-While there is a command line TFTP server/client feature in windowsit's easier to use a third party one that has proper graphical interface.+macOS compatible //(3rd-party)// pkg-mngr //(package-manager)// info is displayed in [[:docs:guide-developer:toolchain:buildroot.exigence.macosx|buildroot.exigence.macosx]] page, inside ''Install Package Manager'' section. 
 + 
 +if you have MacPorts pkg-mngr, then run**:** <code bash> $ sudo port install inetutils dnsmasq </code> 
 +  * the ''inetutils'' pkg includes ''telnet'', ''ftp'', ''rsh'', ''rlogin'', ''tftp'' client tools, and also includes corresponding daemons/servers, as bundle<sup>[[https://ports.macports.org/search/?q=utils&name=on|1]]</sup>
 +\\ 
 +==== Setting up a TFTP server on Windows ==== 
 + 
 +While there is a command line TFTP **client** feature in WindowsMicrosoft has stopped shipping tftp **server** for security reasons. A third party tftp server will therefore be required. 
 + 
 +The built-in client tftp feature can be installed from an administrator cmd.exe command prompt as follows: <code>Dism /online /Enable-Feature /FeatureName:TFTP /All</code> (You can use the client to test if your TFTP server is working.) 
 +\\ 
 +Regardless of which TFTP server below that you choose to use, you will need to open local firewall rule to allow inbound client TFTP connections from the local subnetFor security reasons, only traffic from the local LAN subnet should be allowed. Start a cmd.exe prompt as admin then run: 
 +<code>netsh advfirewall firewall add rule name="TFTP" dir=in action=allow protocol=udp localport=69 remoteip=localsubnet interfacetype=lan profile=private,public</code> 
 +\\ 
 +=== Tftpd64 (on Windows): ===
  
 A simple and free TFTP application is **Tftpd64**, available [[http://tftpd32.jounin.net/|here]]. A simple and free TFTP application is **Tftpd64**, available [[http://tftpd32.jounin.net/|here]].
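Review bot: The added `netsh advfirewall firewall add rule name="TFTP" ...` line creates a persistent inbound rule and ends in `profile=private,public`, but nothing in the section tells the reader to remove it afterwards or explains why the public profile is included. Suggest adding a matching `netsh advfirewall firewall delete rule name="TFTP"` step for when recovery is finished, and either dropping `public` or stating in the text why it is needed for a direct cable link; `remoteip=localsubnet` can stay as it is. Separately, the MacPorts line installs `inetutils`, which the bullet itself says bundles telnet, rsh and rlogin daemons; if only `tftp` and `dnsmasq` are needed for recovery, the text should say which parts to leave disabled.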
Line 83: Line 128:
 Place the file you want to send (the firmware file usually) in the same folder where you find the **Tftpd64** program file. The folder exposed through TFTP can be changed by clicking on Browse button, but in most situations you don't need to do that. Place the file you want to send (the firmware file usually) in the same folder where you find the **Tftpd64** program file. The folder exposed through TFTP can be changed by clicking on Browse button, but in most situations you don't need to do that.
  
-Configure your ethernet port according to your device's own recovery method as detailed in [[docs:guide-user:troubleshooting:vendor_specific_rescue|Rescue from failed firmware upgrade]], note that in most cases you can't use that port to connect to the internet until you reconfigure it back like it was before.+Configure your Ethernet port according to your device's own recovery method as detailed in [[docs:guide-user:troubleshooting:vendor_specific_rescue|Rescue from failed firmware upgrade]], note that in most cases you can't use that port to connect to the internet until you reconfigure it back like it was before.
  
-Double-click on the **Tftpd64** program file and you should get a Windows Firewall popup asking you to grant accessCheck both optionsto allow **Tftpd64** to communicate over both home/work and public networksThis is very important, if the Windows Firewall blocks your TFTP server you won't be able to access it from the device you want to recover.+This application might stop listening on the local UDP port at the very moment that you need it, i.e. when the router at the other end of the network connection restarts. To work around this issuedo one of the following: 
 +  Disable [[https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-media-sensing-feature-for-tcpip|media sensing]]:<code>netsh interface ipv4 set global dhcpmediasense=disabled 
 +netsh interface ipv6 set global dhcpmediasense=disabled</code> 
 +  * Use a switch between the TFTP host and the client router so that the network link of the Windows machine remains up while the router is rebooting.
  
-Click on the drop-down menu called **Server Interfaces** and select your PC's ethernet port.+Double-click on the **Tftpd64** program file and you should get a Windows Firewall popup asking you to grant access. Check both options, to allow **Tftpd64** to communicate over both home/work but //not// public networks. This is very important, if the Windows Firewall blocks your TFTP server you won't be able to access it from the device you want to recover.
  
-Now the tftp server is online and ready, and the file(s) in it can be accessed as normal.+Click on the drop-down menu called **Server Interfaces** and select your PC'Ethernet port.
  
-==== On Linux ==== +Now the TFTP server is online and ready, and the file(s) in it can be accessed as normal. 
-Install atftpd from repository on Debian/Ubuntu/Mint +\\ \\ 
-  # apt install atftpd +=== Tiny PXE (on Windows)===
-Install atftpd from repository on RedHat/Fedora/Centos +
-  # yum install atftpd +
-Create directory where you want to put the image file +
-  # mkdir /srv/tftp +
-Put an image file into your directory - actual name will vary +
-  # cp ~/tp_recovery.bin /srv/tftp +
-Change the ownership of the folder and the file in it +
-  # chown nobody:nogroup -R /srv/tftp +
-Run TFTP server +
-  # atftpd --daemon /srv/tftp +
-Check if your TFTP server is listening +
-  # netstat -lunp|grep 69 +
-//If not set, you should try running TFTP server as superuser.//+
  
-**Check that you can in fact pull the file from your tftp server.** +[[http://reboot.pro/files/file/303-tiny-pxe-server/|Tiny PXE]] seems to do the same as Tftpd64 plus BOOTP support (particularly useful for [[:toh:mikrotik:common|MikroTik devices]]). 
-Preferably from another computer call your tftp server IP: (//or if not possible, in same server call IP 0.0.0.0//+\\ \\ 
-  # tftp 192.168.0.66 +=== Solarwinds TFTP Server === 
-  tftp> get tp_recovery.bin + 
-  Received 8152633 bytes in 0.8 seconds +A free TFTP server for Windows can be downloaded [[https://www.solarwinds.com/free-tools/free-tftp-server|here]] (registration is required). 
-  tftp> quit+ 
 +  * The default install will use the directory ''C:\TFTP-Root'' - place your firmware file in this directory and rename it per the instructions for your specific device. 
 +  * Under File | Configure | Security, set "Send files" as the only permissible action. 
 +  * Change the local LAN IP address of your computer to the static IP that your router expects. 
 +  * Follow the procedure for your specific router to trigger its TFTP client to download the firmware image you are hosting. 
 +  * Watch the Solarwinds console to ensure that the router has downloaded the firmware file. 
 + 
 +<color #ed1c24>**Important: Stop the TFTP service and prevent it from auto-restarting as soon as you are done so your machine is not left in an insecure configuration:**</color> 
 +<code> 
 +sc config "Solarwinds TFTP Server" start=demand 
 +sc stop "Solarwinds TFTP Server" 
 +</code> 
 +\\ 
 +==== Setting up a TFTP server on Linux ==== 
 +=== dnsmasq (on Linux): === 
 + 
 +**dnsmasq** is pre-installed in most distributions. 
 + 
 +Create directory where you want to put the recovery image file: <code bash> 
 +bash#  mkdir /srv/tftp </code> 
 + 
 +Put an image file into your directory - actual name will vary: <code bash> 
 +bash#  cp ~/tp_recovery.bin /srv/tftp </code> 
 + 
 +Run TFTP server: <code bash> 
 +bash#  dnsmasq --listen-address=0.0.0.0 --port=0 --enable-tftp --tftp-root=/srv/tftp --tftp-no-blocksize --user=root --group=root </code> 
 + 
 +Check if your TFTP server is listening: <code bash> 
 +bash#  netstat -lunp | grep 69 </code> 
 +\\ 
 +=== atftpd (on Linux): === 
 + 
 +You can also use **atftpd**: 
 +<columns 100% 50% - -> 
 +Install atftpd from repository on Debian/Ubuntu/Mint: <code bash> 
 +bash#  apt install atftpd </code> 
 +<newcolumn> 
 +Install atftpd from repository on RedHat/Fedora/Centos: <code bash> 
 +bash#  yum install atftpd </code> 
 +</columns> 
 + 
 +Create directory where you want to put the recovery image file: <code bash> 
 +bash#  mkdir /srv/tftp </code> 
 + 
 +Put an image file into your directory - actual name will vary: <code bash> 
 +bash#  cp ~/tp_recovery.bin /srv/tftp </code> 
 + 
 +Change the ownership of the folder and the file in it: <code bash> 
 +bash#  chown nobody:nogroup -R /srv/tftp </code> 
 + 
 +Run TFTP server (run as daemon, do not fork, log events to stdout): <code bash> 
 +bash#  atftpd --daemon --no-fork --logfile - /srv/tftp </code> 
 + 
 +Check if your TFTP server is listening: <code bash> 
 +bash#  netstat -lunp|grep 69 </code> 
 +  * //If not set, you should try running TFTP server as superuser.// 
 +\\ 
 +=== Testing TFTP server (on Linux): === 
 + 
 +**Check that you can in fact pull the file from your TFTP server.** 
 +Preferably from another computer call your TFTP server IP: (//or if not possible, in same server call IP 0.0.0.0//): <code bash> 
 +bash tftp 192.168.0.66 
 +tftp> get tp_recovery.bin 
 +Received 8152633 bytes in 0.8 seconds 
 +tftp> quit </code>
 If you have received the file, congratulations, it's ready. If you have received the file, congratulations, it's ready.
 +\\ \\
 +===== Troubleshooting steps =====
  
-==== Troubleshooting ==== 
 TFTP file transfer doesn't work from local computer TFTP file transfer doesn't work from local computer
   * Check if your TFTP server is running and listening   * Check if your TFTP server is running and listening
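Review bot: The added Linux dnsmasq command under "Run TFTP server" uses `--listen-address=0.0.0.0 --user=root --group=root`, so the server answers on every interface and keeps root, which runs against the firewall rules and isolation advice this revision adds in the security section. Suggest listening only on the static address assigned to the recovery Ethernet interface and dropping the root user/group options, with the image made readable to an unprivileged user as the atftpd steps already do with `chown nobody:nogroup`. Neither Linux section ends with a stop step, and in the test transcript the first line `bash tftp 192.168.0.66` has lost its prompt marker. In the Tftpd64 paragraph, "Check both options" no longer fits the reworded "home/work but not public" instruction.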
Line 124: Line 224:
   * Check if network cable is connected properly   * Check if network cable is connected properly
   * Check if server IP is set correctly   * Check if server IP is set correctly
 +  * Make sure server firewall allows inbound TFTP on UDP port 69
 +  * Check that you have opened up UDP 69 traffic from the local subnet in the host firewall.
 +  * Restart the server if you have just changed the local host IP address.
 TFTP file transfer works from another computer, but not from router: TFTP file transfer works from another computer, but not from router:
   * Check if server IP is set correctly (same as router is searching for)   * Check if server IP is set correctly (same as router is searching for)
 +  * Check that the host running the TFTP server is using the specific fixed IP address and subnet mask that your router is expecting to use.
   * Try using alternate cable, a crossover cable or alternate switch/speed   * Try using alternate cable, a crossover cable or alternate switch/speed
   * Try connecting to an alternate port on the router / routers switch   * Try connecting to an alternate port on the router / routers switch
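Review bot: The first two added bullets repeat each other: "Make sure server firewall allows inbound TFTP on UDP port 69" and "Check that you have opened up UDP 69 traffic from the local subnet in the host firewall." Suggest keeping only the second, since its "from the local subnet" wording matches the firewall guidance added elsewhere in this revision, and the first could be read as advice to open the port without a source restriction.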
Line 132: Line 236:
   * Use arp -s to add a static mapping or arp -d to delete stale entries...   * Use arp -s to add a static mapping or arp -d to delete stale entries...
   * Use a third host to simply ping the router, both with static addresses if possible   * Use a third host to simply ping the router, both with static addresses if possible
-  * Try an alternate server software, client software or tftp transfer mode +  * Try an alternate server software, client software or TFTP transfer mode 
-  * If you get some activity, timing can often yield results, power cycle the router and start the transfer earlier or later...  +  * If you get some activity, timing can often yield results, power cycle the router and start the transfer earlier or later... 
- +  * Check that you have downloaded a firmware image that contains "tftp" in its filename, and that you have renamed this file to the specific OEM filename that your router is expecting. 
 +  * Run a packet sniffing tool like [[https://www.wireshark.org/|Wireshark]], while using "tftp" as the display filter.
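Review bot: The added bullet about a firmware image that contains "tftp" in its filename reads as a requirement for every device, while the setup section leaves the choice of image and any renaming to the device page. Suggest qualifying it, for example "if your device page specifies a TFTP-specific image", and keeping the rename advice as a separate bullet. The Wireshark bullet would be more useful if it said what to look for, such as whether the router's read request arrives at all and which filename it asks for.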
  • Last modified: 2024/10/10 14:15
  • by trendy