TFTP runs on port 69
==================================================
inetd.conf

tftp dgram udp wait root /usr/sbin/tcpd in.tftpd /tftpboot /kickstart
==================================================
firewall protection

ipchains -A input -p udp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 69
ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 69
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 69
--------------------------------------------------
utftpd is a secure replacement for the stock tftpd
==================================================
Boot Sun etc.

When the client tries to boot from the network, it asks for a file with a special name that the boot image should have. The file name is determined by the IP address of the client and, on systems other than sun4u, by its architecture. This is normally handled by placing the appropriate boot image in the directory /tftpboot on the server, and then creating a symbolic link with the special file name that points to the boot image.

To find the name for the link, convert each of the four numbers between the dots of the decimal IP address into hexadecimal, then put the hexadecimal figures together. Besides calculating the numbers by hand or with a battery-powered calculator, there are several ways of converting the IP address: addr, which is included in the BIND (name server) package, the program bc, the converter from the package ghex, and of course the OpenBoot PROM of your machine.

An example of converting the IP address 172.28.230.104:

172 = AC
28 = 1C
230 = E6
104 = 68

With the addr utility:

$ addr -p 172.28.230.104
Input: "172.28.230.104"
Network: [af2 len4] ac 1c e6 68
Presentation: "172.28.230.104"

From the OpenBoot PROM:

ok d# 172 . ac
ok d# 28 . 1c
ok d# 230 . e6
ok d# 104 . 68

When put together, this results in AC1CE668, the name of the symbolic link.

If the architecture of the client is not sun4u (UltraSPARC), you have to append the system's architecture name to the name of the symbolic link. Our example would become AC1CE668.SUN4M for a SPARCstation 5 (sun4m).

Finally, you have to decide what file the symbolic link points to. Most distributions support two ways of booting from the network:

Booting a kernel with an NFS-mounted root filesystem.
Booting from a network-loaded ramdisk (mostly called tftpboot.img).

Boot images can be found in images for Red Hat and Mandrake, and in dists//main/disks-sparc/sun4xx for Debian. Copy the appropriate boot file for the client's architecture to /tftpboot on the server, and create the symbolic link. For the example client above, the following would be needed on the server for a Red Hat system:

# cp /mnt/cdrom/images/tftp32.img /tftpboot
# cd /tftpboot
# ln -s tftp32.img AC1CE668.SUN4M
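
The link-name rule described above (four octets in hexadecimal, plus the architecture suffix for clients other than sun4u), as an added shell example that is not part of the original notes. The function name tftp_link_name is hypothetical, and it rejects anything that is not a dotted IPv4 address so the result is always a plain file name inside /tftpboot.

```shell
#!/bin/sh
# Added example, not from the original notes. tftp_link_name is a hypothetical
# helper name. Usage: tftp_link_name IPV4 [ARCH]   (ARCH defaults to sun4u)

# The body is a subshell, so the IFS change and variables do not leak out.
tftp_link_name() (
    ip=$1
    arch=${2:-sun4u}

    # Digits and dots only: the name can never contain '/' or other
    # characters that would place the link outside /tftpboot.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    case $arch in
        ''|*[!A-Za-z0-9]*) exit 1 ;;
    esac

    IFS=.
    set -- $ip                      # split into octets
    [ $# -eq 4 ] || exit 1

    name=
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || exit 1
        # Drop leading zeros so 010 is read as decimal 10, not octal
        # (reading zero-padded octets as decimal is an assumption here).
        octet=${octet#"${octet%%[!0]*}"}
        octet=${octet:-0}
        [ "$octet" -le 255 ] || exit 1
        name=$name$(printf '%02X' "$octet")
    done

    # sun4u clients ask for the bare hex name; others append .ARCH
    arch=$(printf '%s' "$arch" | tr '[:lower:]' '[:upper:]')
    if [ "$arch" = SUN4U ]; then
        printf '%s\n' "$name"
    else
        printf '%s.%s\n' "$name" "$arch"
    fi
)

# The page's example client: prints AC1CE668.SUN4M
tftp_link_name 172.28.230.104 sun4m
```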