Pertinent Info:
FreePBX 2.10.1.3
Asterisk 1.8.15
On a public IP, phones are not on local network, accessing via public
Correct tftp directory is specified in xinetd.d/tftp
Issue:
Trying to implement tftp for endpoint manager, cannot get config files remotely.
Log for failed xfer (both from a phone attempt and me from other linux box):
Dec 20 01:24:54 pbx01 in.tftpd[1867]: RRQ from x.x.x.x filename spa942.cfg
Dec 20 01:24:54 pbx01 in.tftpd[1867]: tftpd: read(ack): Connection refused
Log attempt when ‘tftp {public IP}’ from pbx itself:
Dec 20 01:42:19 pbx01 xinetd[1849]: START: tftp pid=1939 from=x.x.x.x
Dec 20 01:42:19 pbx01 in.tftpd[1940]: RRQ from x.x.x.x filename spa942.cfg
Log ‘tftp localhost’:
Dec 20 01:46:19 pbx01 in.tftpd[1965]: RRQ from 127.0.0.1 filename spa942.cfg
tftp config:
service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -vvv -s /tftpboot
    disable     = no
    per_source  = 11
    cps         = 100 2
    flags       = IPv4
}
What I know / tried already:
xinetd is managing tftp, and it is running.
/tftpboot exists, has good perms, and expected files exist
I can tftp>get file via localhost and public IP from pbx, but not from outside server or phone
I’ve tried disabling both iptables and fail2ban, same results.
I’ve added an iptables entry for port 69
I’ve verified with nmap that port 69 is listening
I’ve verified with netstat that port 69 is listening on 0.0.0.0 (all interfaces)
SPA942 phone shows: Profile:tftp://{url}:69/spa942.cfg Status: Failed
perms on /tftpboot: drwxr-xr-x 3 asterisk asterisk 4096 Dec 19 23:56 tftpboot
I’ve tried chmod 777 on /tftpboot, same result
I’ve tried using IP and fqdn for remote attempt, same result.
I’m kind of stuck. Anyone got a suggestion?
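
Added example, not part of the original post: a small triage script for in.tftpd syslog lines like the ones above, pairing each RRQ with any later read(ack) error from the same child PID. It relies on two facts: a TFTP server answers a read request from a new ephemeral UDP port rather than from 69 (RFC 1350), and "read(ack): Connection refused" is logged when an ICMP unreachable comes back while the daemon waits for the ACK. The sample lines, addresses, status names and the triage() function are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample lines in the post's syslog format (documentation-range address).
SAMPLE_LOG = """\
Dec 20 01:24:54 pbx01 in.tftpd[1867]: RRQ from 203.0.113.7 filename spa942.cfg
Dec 20 01:24:54 pbx01 in.tftpd[1867]: tftpd: read(ack): Connection refused
Dec 20 01:46:19 pbx01 in.tftpd[1965]: RRQ from 127.0.0.1 filename spa942.cfg
"""

LINE = re.compile(r"in\.tftpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RRQ = re.compile(r"RRQ from (?P<client>\S+) filename (?P<file>\S+)")
ACK_ERR = re.compile(r"read\(ack\): (?P<err>.+)$")


def triage(log_text):
    """Return one record per read request, keyed by the in.tftpd child PID."""
    transfers = OrderedDict()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # xinetd START lines and other daemons are skipped
        pid, msg = m.group("pid"), m.group("msg")
        rrq = RRQ.search(msg)
        if rrq:
            transfers[pid] = {"pid": pid, "client": rrq.group("client"),
                              "file": rrq.group("file"),
                              "status": "no_error_logged"}
            continue
        err = ACK_ERR.search(msg)
        if err and pid in transfers:
            # The request reached UDP/69, but the DATA packet sent from the
            # child's ephemeral port was rejected or never acknowledged.
            refused = "refused" in err.group("err").lower()
            transfers[pid]["status"] = ("return_path_refused" if refused
                                        else "ack_error")
    return list(transfers.values())


if __name__ == "__main__":
    for t in triage(SAMPLE_LOG):
        print(f'{t["pid"]:>6} {t["client"]:<15} {t["file"]:<12} {t["status"]}')
```

A return_path_refused record means the request itself arrived on UDP/69 for that client, so the path to inspect is the one from the server's ephemeral source port back to the client (NAT or a stateful firewall without TFTP connection tracking).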