HP OpenVMS Systems Documentation

HP TCP/IP Services for OpenVMS
Management

To add individual entries to the BOOTP database, use the SET BOOTP command, which has the following format:

SET BOOTP host /FILE=download_file/HARDWARE=ADDRESS=hex_address

In the following example, the SET BOOTP command adds host PLOVER, with hardware address 08-00-2D-20-23-21, to the BOOTP database. Note that the SET BOOTP command accepts as a parameter either the host name or the host's IP address. In the following example, the host name is specified:

TCPIP> SET BOOTP PLOVER /HARDWARE=ADDRESS=08-00-2D-20-23-21 /FILE=PLOVER.SYS

To display the BOOTP database, enter the SHOW BOOTP command, as follows:

TCPIP> SHOW BOOTP

Host                                    Hardware address

10.10.2.3                               08-00-00-20-23-21
10.10.2.120                             08-00-2B-A2-20-49
10.10.2.22                              08-00-2D-20-23-21

To modify a record in the BOOTP database, use the SET BOOTP command. For example, the following command stops using hosts seagull, tern, and sandpiper as gateways for downline loading to PLOVER:

TCPIP> SET BOOTP PLOVER /NOGATEWAYS=(seagull,tern,sandpiper)

To delete an entry from the BOOTP database, use the SET NOBOOTP command.

10.6 Solving BOOTP Problems

Most problems with BOOTP are due to:

• Inaccurate client information in the BOOTP database.
• Directory access restrictions because the TCPIP$BOOTP user account is not privileged.
• File access restrictions because the TCPIP$BOOTP user account is not privileged.

If BOOTP fails to respond to a client request, follow these steps:

1. Verify the accuracy of the information in the BOOTP database for that client, especially the hardware address and image file name.
2. Turn on logging.
3. Ensure that the BOOTP server has access to directories and files.
4. Set directory and file protections appropriately.

The BOOTP server ignores incoming requests from unknown clients (for example, clients that are not found in the BOOTP database). Therefore, it can be difficult to identify why incoming requests are not serviced.

By default, BOOTP does not generate logging information, even though it opens the file SYS$SYSDEVICE:[TCPIP$BOOTP]TCPIP$BOOTP_RUN.LOG. If you turn on logging, the log displays the client hardware address for every incoming BOOTP request, as well as any information used in response to those requests. With this information, you can detect whether the server sees a particular client request. To turn on logging, define the following logical name. To activate the logical, shut down and restart the BOOTP service. For example:

$ DEFINE /SYSTEM TCPIP$BOOTP_TRACE 1
$ @SYS$STARTUP:TCPIP$BOOTP_SHUTDOWN.COM
$ @SYS$STARTUP:TCPIP$BOOTP_STARTUP.COM

Remove the logical names and restart BOOTP as soon as the problem is fixed. On a busy network with frequent BOOTP requests, the log file can rapidly consume large amounts of space on your system disk.

The Trivial File Transfer Protocol (TFTP) handles the file transfer from a TFTP server to a diskless client or other remote system. The client initiates the file transfer.

If the client sends a read request to the TFTP server, the server attempts to locate this file.

The Bootstrap Protocol (BOOTP) server answers network bootstrap requests from diskless workstations and other network devices such as routers, terminal servers, and network switching equipment. For more information about setting up the BOOTP service, see Chapter 10.

This chapter reviews key concepts and describes:

• How to set up the TFTP service ( Section 11.2)
• TFTP security ( Section 11.3)
• How to solve TFTP problems ( Section 11.4)

TFTP has the following characteristics:

• TFTP clients are not registered in a database.
• TFTP, which runs as an unprivileged user in the TCPIP$TFTP account, is restricted to those files that the normal unprivileged user can access.
• TFTP clients are not regulated by the usual OpenVMS user security methods.
• No user name or password is required to use the TFTP service.

To set up the TFTP server software, run the TCPIP$CONFIG procedure. Refer to the HP TCP/IP Services for OpenVMS Installation and Configuration manual for information about running TCPIP$CONFIG.

The procedure creates:

• A TFTP user account
• Service records in the services database
• Default directories
• A TFTP root directory to which the logical name TCPIP$TFTP_ROOT: will point

The TFTP server allows clients to transfer data and program images to the TFTP server host. However, before the data transfer, a file must be created on the TFTP server host to which the data is transferred. This process controls the creation of files on the host, thereby preventing unwanted files from being created on the TFTP host.

Each incoming transfer of data to a file creates a new version of the target file. As a result, you must manage the consumption of disk space on the server system by carefully setting up file version limits for the target files and directories.

To limit the number of versions of a file that can be created in a new directory, include the /VERSION_LIMIT qualifier on the DCL command CREATE/DIRECTORY. For example:

$ CREATE/DIRECTORY/VERSION_LIMIT=10 [MYPROJECT.SAVE]

For more information about managing the directories and files for TFTP transfers, see Section 11.3.

11.2.2 TFTP Management Commands

Table 11-1 summarizes the TFTP management commands.

The logical name described in Table 11-2 can be used to modify the behavior of the TFTP service.

The TFTP service can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted. The following files are provided:

• SYS$STARTUP:TCPIP$TFTP_STARTUP.COM allows you to start up TFTP separately.
• SYS$STARTUP:TCPIP$TFTP_SHUTDOWN.COM allows you to shut down TFTP separately.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services.

• SYS$STARTUP:TCPIP$TFTP_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when TFPT is started.
• SYS$STARTUP:TCPIP$TFTP_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked when TFTP is shut down.

To enable and disable TFTP, use these commands:

• On the running system:
  • ENABLE SERVICE TFTP
  • DISABLE SERVICE TFTP
• In the configuration database:
  • SET CONFIGURATION ENABLE SERVICE TFTP
  • SET CONFIGURATION DISABLE SERVICE TFTP

To check whether these services are enabled or disabled, use these commands:

• SHOW SERVICE TFTP
• SHOW CONFIGURATION ENABLE SERVICE TFTP

The following example illustrates how to obtain complete information about TFTP settings and statistics:

TCPIP> SHOW SERVICE TFTP /FULL

Service: TFTP
                           State:     Enabled
Port:            69     Protocol:  UDP            Address:  0.0.0.0
Inactivity:       5     User_name: TCPIP$TFTP     Process:  TCPIP$TFTP
Limit:            1     Active:         1         Peak:          1

File:         SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTP_RUN.COM
Flags:        Listen

Socket Opts:  Rcheck Scheck
 Receive:            0     Send:               0

Log Opts:     Acpt Actv Dactv Conn Error Exit Logi Logo Mdfy Rjct TimO Addr
 File:        SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTPD_RUN.LOG

Security
 Reject msg:  not defined
 Accept host: 0.0.0.0
 Accept netw: 0.0.0.0

For security purposes, the server runs as an unprivileged image that can access only the directories and files for which it has read access.

HP recommends that you safeguard your system's normal file protection mechanisms from unauthorized TFTP access. In particular, ensure the security of system files.

A client's download request can use one of several formats for its file name specification:

• If the unprivileged TFTP server has read access to the requested file, the client uses a fully qualified file name, including the device, directory, name, and extension, to directly access the file.
• If the client specifies only the file name and extension, the TFTP server attempts to locate the file in the default TFTP directory tree.
  You can designate this directory tree with the system logical name TCPIP$TFTP_ROOT:. This is a concealed device name that usually points to the directory SYS$SYSDEVICE:[TCPIP$TFTP_ROOT]. When looking for a directory, the TFTP server looks first in the TCPIP$TFTP_ROOT: area with the same name as the requesting client's host name.

For example, if a client named GULL.SHORE.COM sends a read request for the file SERVICE.DAT, the server's first attempt to find the file is in TCPIP$TFTP_ROOT:[GULL]. If that directory does not exist, the server next looks in the TCPIP$TFTP_ROOT: root directory, for example, in TCPIP$TFTP_ROOT:[000000]SERVICE.DAT.

If the TFTP client requests a file by specifying a name in UNIX format (for example, /etc/gull/myfile ), TFTP translates this file specification into OpenVMS format.

The TFTP server runs as the nonprivileged OpenVMS user accounts TCPIP$TFTP. When you set up TFTP, follow these security procedures:

• Ensure that neither server has automatic access to any files.
  To make files accessible to the TFTP server, grant appropriate access to its account. Use the normal OpenVMS file protection procedures. For example, enter the DCL command DIRECTORY/SECURITY.
• Prevent unauthorized access to sensitive system or user data. Before you enable TFTP, ensure that you have set up all the necessary file protections.
• Give the TCPIP$TFTP user account read access to the files in the TCPIP$TFTP_ROOT: directory tree that might be used for downloading.

The TFTP server is restricted to accessing only files or directories that OpenVMS file system security measures allow. Verify that these files have the appropriate protection and ownership so that the TFTP server has access to them. See Section 11.3 for more information.

• Ensure that the TFTP server has access to directories and files. Set protections accordingly.
• Create the target files to enable TFTP to reply to write requests.

The log file, SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTP_RUN.LOG, can be useful for troubleshooting TFTP transfer failures.

The Portmapper service eliminates the need to preconfigure all client and server remote procedure call (RPC) applications with the port numbers they use. The Portmapper "listens" at port 111 and maintains a database of registered server programs, their unique program numbers, and assigned port numbers.

This chapter describes:

• How to configure the services that use RPC with information that the Portmapper needs ( Section 12.1)
• How to start up and shut down the Portmapper ( Section 12.2)
• How to display Portmapper settings ( Section 12.3)

For information about programming with the RPC application programming interface (API), refer to the HP TCP/IP Services for OpenVMS ONC RPC Programming manual.

12.1 Configuring Services to Use the Portmapper

You must run the Portmapper in order to use the following applications:

• MOUNT
• NFS Server
• PC-NFS
• Any customer-developed programs that use RPC

When you configure these services with TCPIP$CONFIG, you are automatically prompted to set up the Portmapper service. The Portmapper service is then started when you start TCP/IP Services.

The SET SERVICE command configures the applications so that they are known to the Portmapper. To set RPC-related parameters, use the /RPC qualifier, as follows:

TCPIP> SET SERVICE service -
_TCPIP> /RPC=(PROGRAM_NUMBER=n, VERSION_NUMBER=(LOWEST=n, HIGHEST=n))

The TCPIP services that use the Portmapper have the following default values for the /RPC qualifier:

The Portmapper service can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted.

The following files are provided:

• SYS$STARTUP:TCPIP$PORTMAPPER_STARTUP.COM allows you start up the Portmapper service separately.
• SYS$STARTUP:TCPIP$PORTMAPPER_SHUTDOWN.COM allows you to shut down the Portmapper service separately.

To preserve site-specific parameter settings and commands, you can create the following files. These files are not overwritten when you reinstall TCP/IP Services.

• SYS$STARTUP:TCPIP$PORTMAPPER_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters used in the Portmapper startup procedure.
• SYS$STARTUP:TCPIP$PORTMAPPER_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters used in the Portmapper shutdown procedure.

The following examples show a variety of commands you can use to get information about the Portmapper and the services that depend on it.

1. The following example displays the RPC options for these running services: MOUNT, NFS, PC-NFS, and the Portmapper.

   TCPIP> SHOW SERVICE /RPC /PERMANENT RPC Protocol Versions Service Program Number Lowest / Highest MOUNT 100005 1 3 NFS 100003 2 3 PCNFS 150001 1 2 PORTMAPPER 100000 2 2 TCPIP>

2. In the following example, the /FULL and /PERMANENT qualifiers display the RPC options for the NFS server, whose program number is 100003, lowest version is 2, and highest version is 3.

   TCPIP> SHOW SERVICE NFS /FULL /PERMANENT Service: NFS Port: 2049 Protocol: UDP Address: 0.0.0.0 Inactivity: 0 User_name: TCPIP$NFS Process: TCPIP$NFS Limit: 1 File: TCPIP$SYSTEM:TCPIP$NFS_RUN.COM Flags: TCPIP Socket Opts: Rcheck Scheck Receive: 64000 Send: 64000 Log Opts: Acpt Actv Dactv Conn Error Exit Logi Logo Mdfy Rjct TimO Addr File: SYS$SYSDEVICE:[TCPIP$NFS]TCPIP$NFS_RUN.LOG RPC Opts Program number: 100003 Low version: 2 High version: 3 Security Reject msg: not defined Accept host: 0.0.0.0 Accept netw: 0.0.0.0 TCPIP>

3. The following example shows how to display information about all the registered applications:

   TCPIP> SHOW PORTMAPPER Program Number Version Protocol Port-number Process Service-name --------------------- ------- -------- ----------- -------- ------------ 000186A0 ( 100000) 2 TCP 111 00000060 PORTMAPPER 000186A0 ( 100000) 2 UDP 111 00000060 PORTMAPPER 000186A5 ( 100005) 1 UDP 10 00000064 MOUNT 000186A5 ( 100005) 3 UDP 10 00000064 MOUNT 000186A5 ( 100005) 1 TCP 10 00000064 MOUNT 000186A5 ( 100005) 3 TCP 10 00000064 MOUNT 000186A3 ( 100003) 2 TCP 2049 00000065 NFS 000186A3 ( 100003) 2 UDP 2049 00000065 NFS 000186A3 ( 100003) 3 TCP 2049 00000065 NFS 000186A3 ( 100003) 3 UDP 2049 00000065 NFS

4. The following example shows how to monitor the server:

   TCPIP> SHOW SERVICE PORTMAPPER Service Port Protocol Process Address State PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled TCPIP>