[NTLUG:Discuss] tftp server administratively unavailable

Leroy Tennison leroy_tennison at prodigy.net
Fri Jul 8 04:20:27 CDT 2005 

Robert Thompson wrote:

> > ICMP message was Type 3 -  Destination Unreachable, and
> > Code 10 - Host administratively  prohibited.
>
> Those ICMP codes are network error messages, so don't have anything to 
> do with the TFTP application or file permissions. ICMP errors are done 
> on a lower layer than the TFTP daemon, ie the network stack before the 
> traffic even hits the filesystem. The 'admin prohibited' usually means 
> that there's a firewall involved and that traffic is forbidden to 
> travel to that IP (ie an admin has configured a firewall to prohibit 
> the traffic to that host).
>
> > remember tftp is 69/udp, so make sure your FW on the host is opened
> > properly.
>
> Yep, make sure port 69/udp is open and allowed through all devices on 
> the path.
>
> =-= Robert Thompson
>
>
> MadHat wrote:
>
>>
>> On Jul 7, 2005, at 2:27 PM, Dennis Rice wrote:
>>
>>> I am trying to set up a tftp server for maintaining router  
>>> configuration information.  The configuration is simple, but the  
>>> problem is when I attempt to write a file to it.  System is FC3.
>>>
>>> When coping the data to the server from the router (cisco), I get  
>>> the return message of "destination unreachable".  I have modified  
>>> the directory and file to rwx for u/g/o (make it work, then secure).
>>>
>>> Using ethereal, I found that the return ICMP message was Type 3 -  
>>> Destination Unreachable, and Code 10 - Host administratively  
>>> prohibited.
>>>
>>> I enterpret this as meaning that the user is restricted, but by  
>>> what I do not understand.  Would appreciate suggestions as to what  
>>> I can look at.
>>
>>
>>
>> remember tftp is 69/udp, so make sure your FW on the host is opened  
>> properly.
>>
>> -- 
>> MadHat (at) Unspecific.com, C²ISSP
>> E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
>> gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
>>
>>
>> _______________________________________________
>> https://ntlug.org/mailman/listinfo/discuss
>>
>>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
>
I don't know whose ftp server you are using (I know, it's tftp, I'm 
assuminbg that tftp is being supplied by an ftp implementation) or on 
what distribution but I ran into roadblocks with vsftp because of the 
way SuSE configured it.  Basically they had it set up as an 
anonymous-only read-only server.  If there's no firewall then take a 
close look at the configuration.  I had to read the man page carefully 
to find my answer: VSFTPD won't operate if it's root is anonymous and 
writable.  SuSE's default configuration didn't provide a subdirectory 
undet the ftp root which was writable.  If this seems promising I'll be 
glad to discuss in details.

More information about the Discuss mailing list