PXE-E32: TFTP open timeout
Peter Rathlev
peter at rathlev.dk
Wed Aug 6 07:10:34 UTC 2014
On Mon, 2014-08-04 at 09:11 -0700, Mahmood N wrote:
> When the client starts, it receives the following error
>
> CLIENT MAC ADDR: XXXXXXXXXXX
> CLIENT IP: 10.0.2.5 MASK: 255.255.255.240
> PXE-E32: TFTP open timeout
>
> I don't know if that error is related to dhcpd or xinetd.
> Any idea is welcomed.
This is not related to dhcpd and thus probably OT for this list. But
since it's peripherally related to DHCP... :-)
First check if xinetd is actually listening for the request:
# netstat -nlp | fgrep ":69 "
udp 0 0 0.0.0.0:69 0.0.0.0:* 2614/xinetd
If not (no output) then try to restart xinetd and see if it helps.
Next up, check your logs to see if tftpd actually sees the requests.
Look for "tftpd" (or "in.tftpd") tagged messages in /var/log/messages or
where ever you have it to log. You should see some lines with "RRQ"
messages. If you see these they might give you a hint, e.g. file not
found or permission denied. (Our tftpd on CentOS 5 doesn't always log
RRQs though, so lack of messages isn't necessarily a problem.)
Lastly, and probably the most probable cause, check to see if you might
have a firewall blocking the traffic on the server. First see if the
netfilter modules are loaded:
# lsmod | fgrep table
iptable_filter 36161 1
ip_tables 55457 1 iptable_filter
ip6table_filter 36033 1
ip6_tables 50177 1 ip6table_filter
x_tables 50505 6 ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
If they are NOT loaded (i.e. empty output) then running the following
commands will actually load the modules. And you probably don't want
that.
Otherwise run "iptables -t filter -L -v -n". Look for things that might
deny your request, or maybe look for the specific opening that needs to
be there. It's inbound port 69/udp as you probably know.
A tcpdump from the server (e.g. "tcpdump -i eth0 -nn host <device>")
might give you a clue. If the server answers "port unreachable" it
sounds like xinetd isn't correctly listening. If the server answers
"admin prohibited" or doesn't answer at all it might be a firewall. If
the server answers with UDP traffic of some kind the packet contents
might give a hint. Beware that TFTP doesn't necessarily answer on port
69/udp so you have to look at all traffic between the to machines.
--
Peter
More information about the dhcp-users
mailing list