 From:  "Bruce B. Lacey" <Bruce at BLacey dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] net4801 tftpd Access Violation (plea for help)
 Date:  Mon, 29 Mar 2004 08:37:02 -0800
I solved the problem and am posting this reply to the list in hopes 
that this information will help others who may encounter this problem.

The solution is to chroot the tftpd process if you are going to netboot 
using tftp.  You have to make two changes to the default FreeBSD 
inetd.conf file.

1.  change the tftpd command to include the -s command to chroot to the 
specified tftp directory
2.  change the user from nobody to root because only root can chroot

So the following inetd.conf tftpd entry works:

tftp	dgram	udp	wait	root	/usr/libexec/tftpd		tftpd -l -s 


On Mar 28, 2004, at 4:56 PM, Bruce B. Lacey wrote:

> Hello,
> I have read the Hackers guide for both m0n0wall and m0n0BSD, searched 
> Google, FreeBSD.org and the m0n0wall mail archives and can't figure 
> out what is going on so I am resorting to a plea for help from you all.
> I am trying to boot a Soekris 4801 box using pxe with tftp from a 
> FreeBSD 4.9 server however attempts by m0n0wall to access files after 
> a successful load of pxeboot fail with Access Violations.
> I compiled pxeboot using the LOADER_TFTP_SUPPORT=yes.  Sniffing the 
> traffic during boot shows that the pxeboot is trying to load using 
> tftp but it fails with Access Violations after loading pxeboot.
> Apparently the pxeboot process is trying to load files with an 
> absolute path at root such as /boot/loader.  If I try to access these 
> files using a tftp client, it fails however if I try it with a 
> relative path such as boot/loader it works fine.
> Below is the configuration information and the syslog errors that I am 
> receiving.
> Any ideas?
> Thanks in advance,
> Bruce
> ===========================
> RELEVANT inetd.conf information
> tftp    dgram   udp     wait    nobody  /usr/libexec/tftpd      tftpd -l /usr/data/tftpboot
> RELEVANT dhcpd.conf information
> host m0n0wall {
>         hardware ethernet 00:00:24:c1:ca:34;
>         fixed-address m0n0wall.home;
>         filename "pxeboot";
>         next-server fireball.home;
>         option root-path "/usr/data/tftpboot";
> }
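
Added example, not part of the original thread: a small POSIX shell check that classifies an inetd.conf line against the two changes described in the reply (a -s chroot directory, and root as the inetd user so the chroot can succeed). The function name, the result labels, the sample lines and the use of /usr/data/tftpboot (taken from the original question) as the chroot directory are assumptions for illustration; options are assumed to be written as separate tokens.

```shell
#!/bin/sh
# Added example: classify one inetd.conf line for tftpd.
# Prints: not-tftp | no-chroot | chroot-missing-dir | chroot-needs-root | ok
check_tftpd_entry() {
    set -f                      # no globbing while the line is word-split
    set -- $1                   # service type proto wait user program argv0 args...
    set +f
    if [ $# -lt 7 ] || [ "$1" != tftp ]; then
        echo not-tftp; return 0 # blank, commented-out or unrelated entry
    fi
    user=${5%%[:/]*}            # inetd accepts user[:group][/class]; keep the user
    shift 7                     # what remains are tftpd's own arguments
    has_s=0; dir=
    while [ $# -gt 0 ]; do
        if [ "$1" = -s ]; then
            has_s=1
            # -s must be followed by a directory, not by another option
            case ${2-} in ''|-*) dir= ;; *) dir=$2; shift ;; esac
        fi
        shift
    done
    if [ "$has_s" -eq 0 ]; then echo no-chroot            # /boot/loader style paths rejected
    elif [ -z "$dir" ]; then echo chroot-missing-dir      # -s given without a directory
    elif [ "$user" != root ]; then echo chroot-needs-root # only root can chroot
    else echo ok
    fi
}

# Constructed sample lines, modelled on the entries quoted in the thread.
for entry in \
    'tftp dgram udp wait nobody /usr/libexec/tftpd tftpd -l /usr/data/tftpboot' \
    'tftp dgram udp wait nobody /usr/libexec/tftpd tftpd -l -s /usr/data/tftpboot' \
    'tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /usr/data/tftpboot'
do
    printf '%-18s %s\n' "$(check_tftpd_entry "$entry")" "$entry"
done
```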