Anecdotes from a Linux Systems Administrator. /root

Home About Books Blog Portfolio Archive
18 September 2013

Monitoring TFTPd server

by Alpha01

So I just spent the last two hours of my life trying to figure why PXE booting was not working in my home network. Turned out the root cause was my fault completely since, I forgot to add a firewall rule on my dhcp/PXE server to allow incoming UDP connections on port 69.


iptables -A INPUT -p udp -m udp --dport 69 -j ACCEPT

As with just about any other service, this service can be monitored using Nagios. Originally, I had problems using the and check_tftp plugins that are available from on Nagios Exchange repo, mainly because of the way I have setup my machines.

This lead me to the path of writing my own custom solutions. So I wrote a simple Nagios plugin that monitors TFTP. All it simply does, is download a non-empty file called test.txt.

#!/usr/bin/perl -w
# Tony Baltazar. root[@]

use strict;
use Getopt::Long;

my %options;
GetOptions(\%options, "host|H:s", "port|p:i", "rport|R:s", "file|f:s", "help");

if ($options{help}) {
	exit 0;
} elsif ($options{host} && $options{port} && $options{file}) {

	my $cmd_str = ( $options{rport} ?  "/usr/bin/tftp -R $options{rport}:$options{rport} $options{host} $options{port} -c get $options{file}" : "/usr/bin/tftp $options{host} $options{port} -c get $options{file}");

	my $cmd = `$cmd_str`;
	if ($? != 0) {
		print "CRITICAL: $cmd";
		system("rm -f /tmp/$options{file}");
		exit 2;
	} else {
		if (! -z "/tmp/$options{file}" ) {
			print "TFTP is ok.\n$cmd";
			system("rm -f /tmp/$options{file}");
			exit 0;
		} else {
			print "WARNING: $cmd";
			system("rm -f /tmp/$options{file}");
			exit 1;

} else {

sub usage {
print <<EOF;

$0: TFTP monitor check Nagios plugin.

Syntax: $0 [--help|-H=<TFTP server> --port=<TFTP Port> --file=<Test file>]

   --host | -H  : TFTP server.
   --port | -p  : TFTP Port.
   --file | -m  : Test file that will be downloaded.
   --help | -h  : This help message.

   --rport | -R : Explicitly force the reverse originating connection's port.


Seeing the plugin in action

Assuming, we’re using port udp 1069 to allow the TFTP server ( to connect to the Nagios monitoring machine.

[root@monitor libexec]# iptables -L -n |grep "Chain INPUT"
Chain INPUT (policy DROP)
[root@monitor libexec]# iptables-save|grep 1069
-A INPUT -s -p udp -m udp --dport 1069 -j ACCEPT

Firewall not allowing TFTP to connect back using port 1066.

[root@monitor libexec]#  su - nagios -c '/usr/local/nagios/libexec/ -H -p 69 -R 1066 -f test.txt'
CRITICAL: Transfer timed out.

Downloading a non-existing file from the TFTP server.

[root@monitor tmp]#  su - nagios -c '/usr/local/nagios/libexec/ -H -p 69 -R 1069 -f test.txtFAKESHIT'
WARNING: Error code 1: File not found

Successful connection and transfer.

[root@monitor tmp]#  su - nagios -c '/usr/local/nagios/libexec/ -H -p 69 -R 1069 -f test.txt'
TFTP is ok.
Tags: [ perl nagios networking ]