Scott A. Friedman friedman at ucla.edu
Thu Jul 10 11:23:33 PDT 2003


A host of mine which acts as a gateway for a cluster also acts as a dhcp
and tftp server for the cluster nodes. Recently, for reasons that are
not really important we changed the interfaces so that eth0 is conencted
to our production network and the eth1 network is connected to the
cluster's internal network. It was the opposite before. Normally, we
want most of the services running on this gateway to only be availble to
the internal network. For example, the dhcp and tftp server should only
respond to the internal network (cluster nodes). Making the dhcp server
do this was simple enough. We are having some trouble getting the tftp
server to do the same. In fact we cannot get the tftp server to respond
with anything other than timeouts on the internal network. These
timeouts occur from PXE boot clients (dhcp works for them) and using
command line tftp from an already booted client. tftp from the gateway
(tftp server) works. We are running tftp-hpa from xinetd whose config
file is included below.

service tftp
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -v -v -p -s /tftpboot
        only_from       =
        bind            =
        disable         = no

Here is the client tftp session:

tftp> connect
tftp> binary
tftp> get pxegrub
Transfer timed out.

The trace shows a connection from one fo the cluster nodes
( to the server ( The interesting thing is
the replies come from both (external interface) and the
internal. Could this be the problem? The gate is running NAT for the
internal network could this be causing a problem? When the internal
network was connected to eth0 previously everything worked fine.

Here is the ethereal trace from the server:

    No. Time        Source                Destination           Protocol
    147 13.640616           TFTP    
Read Request, File: pxegrub, Transfer type: octet
    148 13.678526         UDP     
Source port: 33184  Destination port: 32802
    149 13.679517           TFTP    
Acknowledgement, Block: 1
    150 13.679707          ICMP    
Destination unreachable
    151 14.674531         UDP     
Source port: 33184  Destination port: 32802
    152 14.675565           TFTP    
Acknowledgement, Block: 1
    153 14.675733          ICMP    
Destination unreachable
    154 16.674600         UDP     
Source port: 33184  Destination port: 32802
    155 16.675623           TFTP    
Acknowledgement, Block: 1
    156 16.675743          ICMP    
Destination unreachable
    157 20.674559         UDP     
Source port: 33184  Destination port: 32802
    158 20.675576           TFTP    
Acknowledgement, Block: 1
    159 20.675720          ICMP    
Destination unreachable
    160 21.902096   Cisco_8e:10:4e        CDP/VTP               CDP     
Cisco Discovery Protocol
    161 25.673873           TFTP    
Acknowledgement, Block: 1
    162 25.674020          ICMP    
Destination unreachable
    163 28.674494         UDP     
Source port: 33184  Destination port: 32802
    164 28.675470           TFTP    
Acknowledgement, Block: 1
    165 28.675648          ICMP    
Destination unreachable
    166 33.673652           TFTP    
Acknowledgement, Block: 1
    167 33.673813          ICMP    
Destination unreachable
    168 38.673568           TFTP    
Acknowledgement, Block: 1
    169 38.673749          ICMP    
Destination unreachable
    170 43.673485           TFTP    
Acknowledgement, Block: 1
    171 43.673693          ICMP    
Destination unreachable
    172 44.674570         UDP     
Source port: 33184  Destination port: 32802
    173 44.675578           TFTP    
Acknowledgement, Block: 1
    174 44.675744          ICMP    
Destination unreachable

Could the problem be that we are not binding tftpd to the right
interface? xinetd is starting the server is just appears that the
responses are not going out over the right interface.

Any help or pointers would be very much appreciated!

Scott Friedman

