Hi,

I have a setup where the tftp server is inside the firewall.



Now the issue is tftp client send request on dynamic udp port. Can
anyone give some idea, how i can bind the fixed port for client udp
requests ?


Otherwise i hope, it is not a solution that i will open all port related
to UDP in the firewall.

Regards,
lingu

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

I use tftp through a masquerading firewall. To set it up I edited (on
the CentOS-4 firewall) /etc/sysconfig/iptables-config and set

IPTABLES_MODULES="ip_nat_tftp ip_conntrack_tftp"

I think ip_conntrack_tftp is what you need.

John.

lingu wrote:

Hi,

I have a setup where the tftp server is inside the firewall.

Now the issue is tftp client send request on dynamic udp port. Can
anyone give some idea, how i can bind the fixed port for client udp
requests ?
Otherwise i hope, it is not a solution that i will open all port related
to UDP in the firewall.


Regards,
lingu


------------------------------------------------------------------------

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



--
John Newbigin
ITS Senior Analyst / Programmer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Hi ,

*Thanx for your reply* but my query is different already ip_conntrack_tftp is loaded in my centos . TFTP is working fine now ,but i want to toghten more security on iptables.Right now all of my udp port is opened, i dont want to do that .see my previous mail below


################################################## ##################
I have a setup where the tftp server is inside the firewall.



Now the issue is tftp client send request on dynamic udp port. Can
anyone give some idea, how i can bind the fixed port for client udp
requests ?


Otherwise i hope, it is not a solution that i will open all port related
to UDP in the firewall.
################################################## #######################

Regards,
lingu

On Mon, Jun 9, 2008 at 5:28 PM, lingu <hicheerup@gmail.com> wrote:

Hi,

I have a setup where the tftp server is inside the firewall.



Now the issue is tftp client send request on dynamic udp port. Can
anyone give some idea, how i can bind the fixed port for client udp
requests ?


Otherwise i hope, it is not a solution that i will open all port related
to UDP in the firewall.

Regards,
lingu



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

If conntrack can track the TFTP sessions, then you should be able to
filter it using -m state in iptables.

iptables -A ... -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ... -m state --state NEW -p udp --dport 69 -j ACCEPT

You can have one rule in INPUT and the other in OUTPUT, or both in
FORWARD with different -i and -o interfaces.

If you give more details on your current topology, what's the access
you want to allow, and what are your current rules, it might be easier
to help you accomplish that exactly.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos