Configure a TFTP Server Using Dnsmasq on Fedora

TFTP (Trivial File Transfer Protocol) is a lightweight file transfer protocol widely used in scenarios requiring minimal protocol overhead. Unlike more complex protocols like FTP or HTTP, TFTP is designed for simple, fast file transfers, often in environments where low resource usage and quick deployment are critical.

In this guide, we’ll explore how to set up a TFTP server on Fedora 40 using Dnsmasq. Along the way, we’ll also dive into the history and use cases of TFTP to provide a comprehensive understanding.

What Is TFTP?

TFTP stands for Trivial File Transfer Protocol. It is a simplified version of the File Transfer Protocol (FTP) that operates over UDP (User Datagram Protocol) rather than TCP. Its simplicity and minimal configuration make it ideal for specific use cases.

History and Development

  • First Introduced: TFTP was specified in RFC 1350 in 1981 by Karen R. Sollins.
  • Developer: TFTP was originally designed as part of the DARPA Internet Program, aimed at creating simple, efficient protocols for resource-constrained systems.
  • Core Design Philosophy: TFTP focuses on ease of implementation and minimal resource requirements, making it perfect for small embedded devices.

Why Use TFTP?

  • Simplicity: Requires minimal configuration and supports only basic file transfers.
  • Efficiency: Operates over UDP, avoiding the overhead of connection establishment in TCP.
  • Specific Use Cases: TFTP is commonly used for:
    • Bootstrapping diskless devices (e.g., PXE boot).
    • Configuring network devices such as routers and switches.
    • Transferring firmware updates to embedded systems.

Install Dnsmasq

Dnsmasq is a lightweight and versatile DNS and DHCP server that can also provide TFTP services. To begin, ensure it is installed on your system.

Open a terminal and run the following command:

    sudo dnf install dnsmasq -y

Once installed, verify the package by checking the version:

    dnsmasq --version

Dnsmasq combines simplicity with powerful configuration options, making it ideal for TFTP server setups.

Configure Dnsmasq as a TFTP Server

The Dnsmasq configuration file is where you define your TFTP settings.

Open the Dnsmasq configuration file for editing:

    sudo vim /etc/dnsmasq.conf

Add or modify the following lines to enable and configure the TFTP server:

    # Enable TFTP
    enable-tftp

    # Define the TFTP root directory
    tftp-root=/full/path/to/tftp-server/tftpdata

    # Specify the server's IP address
    listen-address=192.168.0.225

    # "port" sets the DNS listening port, not the TFTP port; 0 disables DNS.
    # The built-in TFTP server listens on UDP port 69 by default.
    port=0

Replace /full/path/to/tftp-server/tftpdata with the absolute path to your TFTP directory.

Save and close the file.

Verify Directory Permissions

Ensure the directory specified for TFTP files has appropriate permissions:

    sudo chown -R dnsmasq:dnsmasq /full/path/to/tftp-server/tftpdata
    sudo chmod -R 755 /full/path/to/tftp-server/tftpdata

To confirm the absolute path of your directory, use:

    realpath tftp-server/tftpdata
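
As an added example (not part of the original guide), the shell function below checks a dnsmasq configuration for the TFTP settings covered above, including whether `port` is being used as if it were the TFTP port and whether `tftp-secure`, which limits TFTP to files owned by the user dnsmasq runs as, is set. The function names and finding labels are illustrative, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: lint the TFTP-related settings of a dnsmasq configuration file.

# conf_get FILE KEY: print the last value of KEY ("" for a bare flag); exit 1 if absent.
conf_get() {
    awk -v key="$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        {
            k = $0; v = ""; i = index($0, "=")
            if (i) { k = substr($0, 1, i - 1); v = substr($0, i + 1) }
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) { found = 1; val = v }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

audit_dnsmasq_tftp() {
    conf=$1
    conf_get "$conf" enable-tftp >/dev/null || echo "TFTP-OFF: enable-tftp is not set"
    root=$(conf_get "$conf" tftp-root) || root=
    case $root in
        /*) ;;
        *)  echo "ROOT: tftp-root is missing or not an absolute path" ;;
    esac
    if port=$(conf_get "$conf" port); then
        # "port" is the DNS listener; 0 turns DNS off and leaves TFTP on UDP 69.
        [ "$port" = 0 ] || echo "DNS-PORT: port=$port sets the DNS port, not the TFTP port"
    else
        echo "DNS-ON: port is unset, so DNS is served on 53 as well (port=0 disables it)"
    fi
    conf_get "$conf" tftp-secure >/dev/null ||
        echo "SECURE: tftp-secure is not set; any file dnsmasq can read under the root is served"
    conf_get "$conf" listen-address >/dev/null || conf_get "$conf" interface >/dev/null ||
        echo "BIND: no listen-address or interface restriction"
}

# Constructed sample: a TFTP-only config that sets port=69, intending the TFTP port.
sample=$(mktemp)
cat >"$sample" <<'EOF'
enable-tftp
tftp-root=/full/path/to/tftp-server/tftpdata
listen-address=192.168.0.225
port=69
EOF
audit_dnsmasq_tftp "$sample"
rm -f "$sample"
```

Run it against the live file with `audit_dnsmasq_tftp /etc/dnsmasq.conf`; no output means none of the five checks fired.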

Configure SELinux

Fedora uses SELinux by default, which may block access to the TFTP directory.

Check SELinux logs for issues:

    sudo ausearch -m avc -ts recent

Allow Dnsmasq to access the TFTP directory:

    sudo semanage fcontext -a -t public_content_t '/full/path/to/tftp-server/tftpdata(/.*)?'
    sudo restorecon -Rv /full/path/to/tftp-server/tftpdata

Restart and Verify Dnsmasq

Restart the Dnsmasq service:

    sudo systemctl restart dnsmasq

Check the service status:

    sudo systemctl status dnsmasq

Set a Static IP

Ensure the PC running the TFTP server has a static IP address.

Temporarily assign the IP 192.168.0.225/24 to your network interface:

    sudo ip addr add 192.168.0.225/24 dev <interface-name>

Replace <interface-name> with your network interface name, which you can find using:

    ip link

Allow TFTP service through the firewall

    sudo firewall-cmd --permanent --add-service=tftp
    sudo firewall-cmd --reload

Confirm the TFTP port is open.

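Enable Detailed Logging in Dnsmasq

Edit the Dnsmasq configuration file:

    sudo nano /etc/dnsmasq.conf

Add the following lines to enable logging:

    # Log extra detail about DHCP transactions
    log-dhcp
    # Log DNS queries (only has an effect while the DNS function is enabled)
    log-queries
    # Do not abort startup if the TFTP root directory is inaccessible
    tftp-no-fail

Save the file and restart Dnsmasq:

    sudo systemctl restart dnsmasq

Monitor logs in real-time:

    sudo journalctl -u dnsmasq -f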

Test the TFTP Server

From another machine, connect to the TFTP server:

    tftp 192.168.0.225

Attempt to download a file:

    tftp> get <filename>

Replace <filename> with a file present in the TFTP root directory.

Check logs to confirm the request is processed correctly:

    sudo journalctl -u dnsmasq -f

Validate the Server Activity

For additional validation:

Use tcpdump to monitor TFTP traffic:

    sudo tcpdump -i <interface-name> port 69

Ensure file transfers work without errors and appear in the logs.
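
To make the log check repeatable, the added example below (not part of the original guide) summarises dnsmasq TFTP log lines per client: how many files each client received and which requested files did not exist. It assumes the TFTP messages have the shapes "sent FILE to IP" and "file FILE not found [for IP]"; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client summary of dnsmasq TFTP log messages read from stdin.
# Assumed message shapes: "sent FILE to IP" and "file FILE not found [for IP]".
tftp_log_summary() {
    awk '
        !/dnsmasq-tftp/ { next }
        / sent .* to [^ ]+$/ { sent[$NF]++; clients[$NF] = 1; next }
        / file .* not found/ {
            # Messages without a client address are grouped as "unknown".
            c = ($(NF - 1) == "for") ? $NF : "unknown"
            miss[c]++; clients[c] = 1
            split($0, p, / file | not found/); files[c] = files[c] " " p[2]
        }
        END {
            for (c in clients)
                printf "%s sent=%d notfound=%d%s\n", c, sent[c], miss[c],
                       (miss[c] ? " missing:" files[c] : "")
        }
    ' | sort
}

# Constructed sample journal lines (hostname, PID, paths and addresses are made up).
sample_tftp_log() {
    cat <<'EOF'
Jan 05 10:00:01 fedora dnsmasq-tftp[812]: sent /srv/tftp/pxelinux.0 to 192.168.0.50
Jan 05 10:00:02 fedora dnsmasq-tftp[812]: sent /srv/tftp/vmlinuz to 192.168.0.50
Jan 05 10:00:03 fedora dnsmasq-tftp[812]: file /srv/tftp/startup-config not found for 192.168.0.77
Jan 05 10:00:04 fedora dnsmasq-tftp[812]: file /srv/tftp/backup.cfg not found for 192.168.0.77
Jan 05 10:00:05 fedora dnsmasq[812]: reading /etc/resolv.conf
EOF
}
sample_tftp_log | tftp_log_summary
```

On the server, pipe real data into it with `sudo journalctl -u dnsmasq --since today | tftp_log_summary`; a client with many not-found requests and no successful transfers is worth a closer look.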

With this setup, you now have a functional TFTP server running on Fedora 40. It’s optimized for serving files securely and efficiently in a local network.
