HP OpenVMS Systems Documentation

HP TCP/IP Services for OpenVMS
Management


10.5.3 Creating Individual Entries

To add individual entries to the BOOTP database, use the SET BOOTP command, which has the following format:


SET BOOTP host /FILE=download_file/HARDWARE=ADDRESS=hex_address

In the following example, the SET BOOTP command adds host PLOVER, with hardware address 08-00-2D-20-23-21, to the BOOTP database. The SET BOOTP command accepts either the host name or the host's IP address as its parameter; here, the host name is specified:


TCPIP> SET BOOTP PLOVER /HARDWARE=ADDRESS=08-00-2D-20-23-21 /FILE=PLOVER.SYS

To display the BOOTP database, enter the SHOW BOOTP command, as follows:


TCPIP> SHOW BOOTP

Host                                    Hardware address

10.10.2.3                               08-00-00-20-23-21
10.10.2.120                             08-00-2B-A2-20-49
10.10.2.22                              08-00-2D-20-23-21

10.5.4 Modifying and Deleting Entries

To modify a record in the BOOTP database, use the SET BOOTP command. For example, the following command stops using hosts seagull, tern, and sandpiper as gateways for downline loading to PLOVER:


TCPIP> SET BOOTP PLOVER /NOGATEWAYS=(seagull,tern,sandpiper)

To delete an entry from the BOOTP database, use the SET NOBOOTP command.

10.6 Solving BOOTP Problems

Most problems with BOOTP are due to:

  • Inaccurate client information in the BOOTP database.
  • Directory access restrictions because the TCPIP$BOOTP user account is not privileged.
  • File access restrictions because the TCPIP$BOOTP user account is not privileged.

If BOOTP fails to respond to a client request, follow these steps:

  1. Verify the accuracy of the information in the BOOTP database for that client, especially the hardware address and image file name.
  2. Turn on logging.
  3. Ensure that the BOOTP server has access to directories and files.
  4. Set directory and file protections appropriately.

The BOOTP server ignores incoming requests from unknown clients (for example, clients that are not found in the BOOTP database). Therefore, it can be difficult to identify why incoming requests are not serviced.

By default, BOOTP does not generate logging information, even though it opens the file SYS$SYSDEVICE:[TCPIP$BOOTP]TCPIP$BOOTP_RUN.LOG. If you turn on logging, the log displays the client hardware address for every incoming BOOTP request, as well as any information used in response to those requests. With this information, you can detect whether the server sees a particular client request. To turn on logging, define the logical name TCPIP$BOOTP_TRACE, then shut down and restart the BOOTP service to activate it. For example:


$ DEFINE /SYSTEM TCPIP$BOOTP_TRACE 1
$ @SYS$STARTUP:TCPIP$BOOTP_SHUTDOWN.COM
$ @SYS$STARTUP:TCPIP$BOOTP_STARTUP.COM

Remove the logical name and restart BOOTP as soon as the problem is fixed. On a busy network with frequent BOOTP requests, the log file can rapidly consume large amounts of space on your system disk.


Chapter 11
Configuring and Managing TFTP

The Trivial File Transfer Protocol (TFTP) handles the file transfer from a TFTP server to a diskless client or other remote system. The client initiates the file transfer.

If the client sends a read request to the TFTP server, the server attempts to locate this file.

The Bootstrap Protocol (BOOTP) server answers network bootstrap requests from diskless workstations and other network devices such as routers, terminal servers, and network switching equipment. For more information about setting up the BOOTP service, see Chapter 10.

This chapter reviews key concepts and describes:

11.1 Key Concepts

TFTP has the following characteristics:

  • TFTP clients are not registered in a database.
  • TFTP, which runs as an unprivileged user in the TCPIP$TFTP account, is restricted to those files that the normal unprivileged user can access.
  • TFTP clients are not regulated by the usual OpenVMS user security methods.
  • No user name or password is required to use the TFTP service.

11.2 Setting up the TFTP Service

To set up the TFTP server software, run the TCPIP$CONFIG procedure. Refer to the HP TCP/IP Services for OpenVMS Installation and Configuration manual for information about running TCPIP$CONFIG.

The procedure creates:

  • A TFTP user account
  • Service records in the services database
  • Default directories
  • A TFTP root directory to which the logical name TCPIP$TFTP_ROOT: will point

11.2.1 Transferring Data to the TFTP Host

The TFTP server allows clients to transfer data and program images to the TFTP server host. However, before the data transfer, a file must be created on the TFTP server host to which the data is transferred. This process controls the creation of files on the host, thereby preventing unwanted files from being created on the TFTP host.

Each incoming transfer of data to a file creates a new version of the target file. As a result, you must manage the consumption of disk space on the server system by carefully setting up file version limits for the target files and directories.

To limit the number of versions of a file that can be created in a new directory, include the /VERSION_LIMIT qualifier on the DCL command CREATE/DIRECTORY. For example:


$ CREATE/DIRECTORY/VERSION_LIMIT=10 [MYPROJECT.SAVE]

For more information about managing the directories and files for TFTP transfers, see Section 11.3.

11.2.2 TFTP Management Commands

Table 11-1 summarizes the TFTP management commands.

Table 11-1 TFTP Management Commands

Command                 Function
ENABLE SERVICE TFTP     Enables the TFTP service.
DISABLE SERVICE TFTP    Disables the TFTP service.
SET SERVICE TFTP        Configures TFTP in the service database.
SET NOSERVICE TFTP      Disables TFTP in the service database.
SHOW SERVICE TFTP       Displays information about TFTP from the service database.

11.2.3 TFTP Logical Names

The logical names described in Table 11-2 can be used to modify the behavior of the TFTP service.

Table 11-2 TFTP Logical Names

Name                    Function
TCPIP$TFTP_EXTLOG       Enables logging of client read and write requests, as well as any error messages the server reports to the clients while processing those requests. By default, this logical name is set to 0, or OFF.
TCPIP$TFTP_FASTCLOSE    If set, the socket and file are closed immediately after the server receives the last block of a file, on client write operations. If the logical is set, the server's last acknowledgment message is lost and no retransmission is done. This may appear to the client to be a failure. By default, this logical is set to 0, or OFF.
TCPIP$TFTP_ROOT         Defines a concealed device that points to TFTP data storage. By default, the concealed device is SYS$SYSDEVICE:[TCPIP$TFTP_ROOT]. For more information, see Section 11.3.
TCPIP$TFTP_TRACE        Enables logging of detailed tracing information about server operation, including logging of blocks sent and received, as well as other useful trace information. By default, this logical name is set to 0, or OFF.

11.2.4 TFTP Startup and Shutdown

The TFTP service can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted. The following files are provided:

  • SYS$STARTUP:TCPIP$TFTP_STARTUP.COM allows you to start up TFTP separately.
  • SYS$STARTUP:TCPIP$TFTP_SHUTDOWN.COM allows you to shut down TFTP separately.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services.

  • SYS$STARTUP:TCPIP$TFTP_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when TFTP is started.
  • SYS$STARTUP:TCPIP$TFTP_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked when TFTP is shut down.

11.2.5 Enabling and Disabling TFTP

To enable and disable TFTP, use these commands:

  • On the running system:
    • ENABLE SERVICE TFTP
    • DISABLE SERVICE TFTP
  • In the configuration database:
    • SET CONFIGURATION ENABLE SERVICE TFTP
    • SET CONFIGURATION DISABLE SERVICE TFTP

To check whether these services are enabled or disabled, use these commands:

  • SHOW SERVICE TFTP
  • SHOW CONFIGURATION ENABLE SERVICE TFTP

The following example illustrates how to obtain complete information about TFTP settings and statistics:


TCPIP> SHOW SERVICE TFTP /FULL

Service: TFTP
                           State:     Enabled
Port:            69     Protocol:  UDP            Address:  0.0.0.0
Inactivity:       5     User_name: TCPIP$TFTP     Process:  TCPIP$TFTP
Limit:            1     Active:         1         Peak:          1

File:         SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTP_RUN.COM
Flags:        Listen

Socket Opts:  Rcheck Scheck
 Receive:            0     Send:               0

Log Opts:     Acpt Actv Dactv Conn Error Exit Logi Logo Mdfy Rjct TimO Addr
 File:        SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTPD_RUN.LOG

Security
 Reject msg:  not defined
 Accept host: 0.0.0.0
 Accept netw: 0.0.0.0

11.3 TFTP Security

For security purposes, the server runs as an unprivileged image that can access only the directories and files for which it has read access.

HP recommends that you safeguard your system's normal file protection mechanisms from unauthorized TFTP access. In particular, ensure the security of system files.

A client's download request can use one of several formats for its file name specification:

  • If the client specifies a fully qualified file name, including the device, directory, name, and extension, the TFTP server accesses that file directly, provided the unprivileged server has read access to it.
  • If the client specifies only the file name and extension, the TFTP server attempts to locate the file in the default TFTP directory tree.
    You can designate this directory tree with the system logical name TCPIP$TFTP_ROOT:. This is a concealed device name that usually points to the directory SYS$SYSDEVICE:[TCPIP$TFTP_ROOT]. When looking for the file, the TFTP server looks first in the directory in the TCPIP$TFTP_ROOT: area that has the same name as the requesting client's host name.

For example, if a client named GULL.SHORE.COM sends a read request for the file SERVICE.DAT, the server's first attempt to find the file is in TCPIP$TFTP_ROOT:[GULL]. If that directory does not exist, the server next looks in the TCPIP$TFTP_ROOT: root directory, for example, in TCPIP$TFTP_ROOT:[000000]SERVICE.DAT.

If the TFTP client requests a file by specifying a name in UNIX format (for example, /etc/gull/myfile), TFTP translates this file specification into OpenVMS format.

The TFTP server runs as the nonprivileged OpenVMS user account TCPIP$TFTP. When you set up TFTP, follow these security procedures:

  • Ensure that neither server has automatic access to any files.
    To make files accessible to the TFTP server, grant appropriate access to its account. Use the normal OpenVMS file protection procedures. For example, enter the DCL command DIRECTORY/SECURITY.
  • Prevent unauthorized access to sensitive system or user data. Before you enable TFTP, ensure that you have set up all the necessary file protections.
  • Give the TCPIP$TFTP user account read access to the files in the TCPIP$TFTP_ROOT: directory tree that might be used for downloading.
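
The following audit sketch is an added example, not part of the HP manual. It applies the rules above to a file listing: a file outside TCPIP$TFTP_ROOT: that the TCPIP$TFTP account can read is retrievable by any client through a fully qualified name, and a file inside the tree that the account cannot read cannot be downloaded. The listing is constructed in the general shape of DIRECTORY/SECURITY output (file, owner, protection in System, Owner, Group, World order); the file names and owners are hypothetical, and the check assumes no ACLs and no shared UIC group.

```python
import re

# Constructed listing (hypothetical files): file specification, owner,
# protection as (System,Owner,Group,World).
LISTING = """\
TCPIP$TFTP_ROOT:[GULL]SERVICE.DAT;1       [TCPIP$TFTP]  (RWED,RWED,RE,)
TCPIP$TFTP_ROOT:[000000]ROUTER.SYS;4      [SYSTEM]      (RWED,RWED,RE,RE)
TCPIP$TFTP_ROOT:[000000]STAGING.SYS;1     [SYSTEM]      (RWED,RWED,,)
SYS$SYSDEVICE:[PROJECTS]PLAN.TXT;2        [SYSTEM]      (RWED,RWED,RE,R)
SYS$SYSDEVICE:[PROJECTS]BUDGET.TXT;7      [SYSTEM]      (RWED,RWED,R,)
"""

LINE = re.compile(r"^(\S+)\s+\[([^\]]+)\]\s+\(([^)]*)\)\s*$")
SERVER = "TCPIP$TFTP"        # account the TFTP server runs as (from the page)
ROOT = "TCPIP$TFTP_ROOT:"    # default TFTP directory tree (from the page)


def server_can_read(owner, protection):
    """Use the Owner field if the server account owns the file, else World.

    Assumption: no ACLs, and the server shares no UIC group with the owner.
    """
    _system, own, _group, world = (protection.split(",") + [""] * 4)[:4]
    field = own if owner.split(",")[-1] == SERVER else world
    return "R" in field


def audit(listing):
    """Return (readable files outside the root, unreadable files inside it)."""
    exposed, blocked = [], []
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        spec, owner, prot = m.groups()
        readable = server_can_read(owner, prot)
        in_root = spec.upper().startswith(ROOT)
        if readable and not in_root:
            exposed.append(spec)   # any client can fetch it by full name
        elif in_root and not readable:
            blocked.append(spec)   # download requests for it will fail
    return exposed, blocked


if __name__ == "__main__":
    exposed, blocked = audit(LISTING)
    print("Readable by TFTP outside the root:", exposed)
    print("Not readable by TFTP inside the root:", blocked)
```
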

11.4 Solving TFTP Problems

The TFTP server is restricted to accessing only files or directories that OpenVMS file system security measures allow. Verify that these files have the appropriate protection and ownership so that the TFTP server has access to them. See Section 11.3 for more information.

  • Ensure that the TFTP server has access to directories and files. Set protections accordingly.
  • Create the target files to enable TFTP to reply to write requests.

The log file, SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTP_RUN.LOG, can be useful for troubleshooting TFTP transfer failures.


Chapter 12
Configuring and Managing the Portmapper

The Portmapper service eliminates the need to preconfigure all client and server remote procedure call (RPC) applications with the port numbers they use. The Portmapper "listens" at port 111 and maintains a database of registered server programs, their unique program numbers, and assigned port numbers.

This chapter describes:

  • How to configure the services that use RPC with information that the Portmapper needs (Section 12.1)
  • How to start up and shut down the Portmapper (Section 12.2)
  • How to display Portmapper settings (Section 12.3)

For information about programming with the RPC application programming interface (API), refer to the Compaq TCP/IP Services for OpenVMS ONC RPC Programming manual.

12.1 Configuring Services to Use the Portmapper

You must run the Portmapper in order to use the following applications:

  • MOUNT
  • NFS Server
  • PC-NFS
  • Any customer-developed programs that use RPC

When you configure these services with TCPIP$CONFIG, you are automatically prompted to set up the Portmapper service. The Portmapper service is then started when you start TCP/IP Services.

The SET SERVICE command configures the applications so that they are known to the Portmapper. To set RPC-related parameters, use the /RPC qualifier, as follows:


TCPIP> SET SERVICE service -
_TCPIP> /RPC=(PROGRAM_NUMBER=n, VERSION_NUMBER=(LOWEST=n, HIGHEST=n))

The TCPIP services that use the Portmapper have the following default values for the /RPC qualifier:

Service       Default Program Number   Default Lowest Version   Default Highest Version
MOUNT         100005                   1                        3
NFS Server    100003                   2                        3
PC-NFS        150001                   1                        2
PORTMAPPER    100000                   1                        1

12.2 Portmapper Startup and Shutdown

The Portmapper service can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted.

The following files are provided:

  • SYS$STARTUP:TCPIP$PORTMAPPER_STARTUP.COM allows you to start up the Portmapper service separately.
  • SYS$STARTUP:TCPIP$PORTMAPPER_SHUTDOWN.COM allows you to shut down the Portmapper service separately.

To preserve site-specific parameter settings and commands, you can create the following files. These files are not overwritten when you reinstall TCP/IP Services.

  • SYS$STARTUP:TCPIP$PORTMAPPER_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters used in the Portmapper startup procedure.
  • SYS$STARTUP:TCPIP$PORTMAPPER_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters used in the Portmapper shutdown procedure.

12.3 Displaying Portmapper Information

The following examples show a variety of commands you can use to get information about the Portmapper and the services that depend on it.

  1. The following example displays the RPC options for these running services: MOUNT, NFS, PC-NFS, and the Portmapper.


    TCPIP> SHOW SERVICE /RPC /PERMANENT
    
                             RPC              Protocol Versions
    Service             Program Number         Lowest / Highest
    
    MOUNT                     100005                 1        3
    NFS                       100003                 2        3
    PCNFS                     150001                 1        2
    PORTMAPPER                100000                 2        2
    TCPIP>
    
    
  2. In the following example, the /FULL and /PERMANENT qualifiers display the RPC options for the NFS server, whose program number is 100003, lowest version is 2, and highest version is 3.


    TCPIP> SHOW SERVICE NFS /FULL /PERMANENT
    
    Service: NFS
    
    Port:             2049     Protocol:  UDP             Address:  0.0.0.0
    Inactivity:          0     User_name: TCPIP$NFS         Process:  TCPIP$NFS
    Limit:               1
    
    File:         TCPIP$SYSTEM:TCPIP$NFS_RUN.COM
    Flags:        TCPIP
    
    Socket Opts:  Rcheck Scheck
     Receive:        64000     Send:           64000
    
    Log Opts:     Acpt Actv Dactv Conn Error Exit Logi Logo Mdfy Rjct TimO Addr
     File:        SYS$SYSDEVICE:[TCPIP$NFS]TCPIP$NFS_RUN.LOG
    
    RPC Opts
     Program number:      100003  Low version:      2   High version:      3
    
    Security
     Reject msg:  not defined
     Accept host: 0.0.0.0
     Accept netw: 0.0.0.0
    TCPIP>
    
  3. The following example shows how to display information about all the registered applications:


    TCPIP> SHOW PORTMAPPER
    
        Program Number     Version  Protocol  Port-number  Process   Service-name
    ---------------------  -------  --------  -----------  --------  ------------
    000186A0 (    100000)        2  TCP         111        00000060  PORTMAPPER
    000186A0 (    100000)        2  UDP         111        00000060  PORTMAPPER
    000186A5 (    100005)        1  UDP          10        00000064  MOUNT
    000186A5 (    100005)        3  UDP          10        00000064  MOUNT
    000186A5 (    100005)        1  TCP          10        00000064  MOUNT
    000186A5 (    100005)        3  TCP          10        00000064  MOUNT
    000186A3 (    100003)        2  TCP        2049        00000065  NFS
    000186A3 (    100003)        2  UDP        2049        00000065  NFS
    000186A3 (    100003)        3  TCP        2049        00000065  NFS
    000186A3 (    100003)        3  UDP        2049        00000065  NFS
    
    
  4. The following example shows how to monitor the server:


    TCPIP> SHOW SERVICE PORTMAPPER
    
    Service     Port      Protocol        Process     Address     State
    
    PORTMAPPER   111       TCP,UDP      TCPIP$PORTM     0.0.0.0     Enabled
    
    TCPIP>
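
The displays above can be cross-checked against each other. The following sketch is an added example, not part of the HP manual: it compares SHOW PORTMAPPER rows with the program numbers and version ranges from SHOW SERVICE /RPC /PERMANENT and reports registrations that do not match. The configured values and the first three registered rows are taken from this page; the last two registered rows are constructed so that the check has something to report, and the finding texts are this example's own wording.

```python
import re

# Output rows of SHOW SERVICE /RPC /PERMANENT, as shown on this page.
CONFIGURED = """\
MOUNT                     100005                 1        3
NFS                       100003                 2        3
PCNFS                     150001                 1        2
PORTMAPPER                100000                 2        2
"""

# Three SHOW PORTMAPPER rows from this page; the last two rows are constructed.
REGISTERED = """\
000186A0 (    100000)        2  TCP         111        00000060  PORTMAPPER
000186A5 (    100005)        3  UDP          10        00000064  MOUNT
000186A3 (    100003)        2  UDP        2049        00000065  NFS
000186A3 (    100003)        4  UDP        2049        00000065  NFS
00030D41 (    200001)        1  UDP        1021        0000006A
"""

ROW = re.compile(
    r"^([0-9A-F]{8}) \(\s*(\d+)\)\s+(\d+)\s+(TCP|UDP)\s+(\d+)"
    r"\s+[0-9A-F]{8}\s*(\S*)$"
)


def load_config(text):
    """Map program number -> (service, lowest version, highest version)."""
    cfg = {}
    for line in text.splitlines():
        name, prog, low, high = line.split()
        cfg[int(prog)] = (name, int(low), int(high))
    return cfg


def check(registered, configured):
    """Return (program, version, protocol, reason) for each mismatch."""
    cfg = load_config(configured)
    findings = []
    for line in registered.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        hexnum, prog, ver, proto, _port, _name = m.groups()
        prog, ver = int(prog), int(ver)
        if int(hexnum, 16) != prog:
            findings.append((prog, ver, proto, "hex and decimal numbers differ"))
        elif prog not in cfg:
            findings.append((prog, ver, proto, "program not in configured list"))
        elif not cfg[prog][1] <= ver <= cfg[prog][2]:
            findings.append((prog, ver, proto, "version outside configured range"))
    return findings


if __name__ == "__main__":
    for finding in check(REGISTERED, CONFIGURED):
        print(finding)
```

A program missing from the configured list is not necessarily a fault, because customer-developed RPC programs also register with the Portmapper; treat such rows as items to identify.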
    

