06-09-2008, 11:58 AM
lingu

TFTP inside firewall

Hi,

I have a setup where the TFTP server is inside the firewall.

Now the issue is that the TFTP client sends requests on a dynamic UDP port. Can
anyone give me some idea how I can bind a fixed port for client UDP
requests?

Otherwise, I hope it is not a solution that I will open all ports related
to UDP in the firewall.

Regards,
lingu

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
06-10-2008, 06:38 AM
John Newbigin

TFTP inside firewall

I use tftp through a masquerading firewall. To set it up I edited (on
the CentOS-4 firewall) /etc/sysconfig/iptables-config and set

IPTABLES_MODULES="ip_nat_tftp ip_conntrack_tftp"

I think ip_conntrack_tftp is what you need.

John.

--
John Newbigin
ITS Senior Analyst / Programmer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
 
06-10-2008, 08:15 AM
lingu

TFTP inside firewall

Hi,

*Thanks for your reply*, but my query is different; ip_conntrack_tftp is already loaded on my CentOS. TFTP is working fine now, but I want to tighten security more in iptables. Right now all of my UDP ports are open, and I don't want to do that. See my previous mail below.

####################################################################
I have a setup where the TFTP server is inside the firewall.

Now the issue is that the TFTP client sends requests on a dynamic UDP port. Can
anyone give me some idea how I can bind a fixed port for client UDP
requests?

Otherwise, I hope it is not a solution that I will open all ports related
to UDP in the firewall.
####################################################################

Regards,
lingu

 
06-11-2008, 01:30 AM
Filipe Brandenburger

TFTP inside firewall

If conntrack can track the TFTP sessions, then you should be able to
filter it using -m state in iptables.

iptables -A ... -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ... -m state --state NEW -p udp --dport 69 -j ACCEPT

You can have one rule in INPUT and the other in OUTPUT, or both in
FORWARD with different -i and -o interfaces.

If you give more details on your current topology, what's the access
you want to allow, and what are your current rules, it might be easier
to help you accomplish that exactly.

HTH,
Filipe
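
The two rules from the reply above, with the chain and interfaces filled in for the forwarding case, plus a check for the "all UDP open" condition described earlier in the thread. This is an added example, not part of any poster's message; the interface names eth0/eth1, the server address 192.0.2.10 and the function names are assumptions.

```shell
#!/bin/sh
# Added example; eth0/eth1, 192.0.2.10 and the function names are assumptions.

# Emit iptables-restore input for a firewall that forwards TFTP to an inside
# server. Requires the ip_conntrack_tftp helper to be loaded.
tftp_forward_rules() {   # usage: tftp_forward_rules OUT_IF IN_IF SERVER_IP
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# The server answers from a fresh UDP port; the helper marks that flow RELATED.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the initial request to port 69 is admitted as NEW.
-A FORWARD -i $1 -o $2 -d $3 -p udp --dport 69 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed iptables-save excerpt with UDP left wide open.
open_udp_sample() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p udp -j ACCEPT
-A FORWARD -p udp -m udp --dport 1024:65535 -j ACCEPT
-A FORWARD -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin; print each UDP ACCEPT rule that admits new
# flows to any port or to a port range. Exit status 1 if one is found.
find_open_udp_rules() {
    awk '
    /^-A / && /-p udp/ && /-j ACCEPT/ {
        admits_new = ($0 !~ /--(ct)?state /) || ($0 ~ /--(ct)?state [A-Z,]*NEW/)
        any_port   = ($0 !~ /--dport /) || ($0 ~ /--dport [0-9]+:[0-9]+/)
        if (admits_new && any_port) { print; bad = 1 }
    }
    END { exit bad + 0 }'
}

tftp_forward_rules eth0 eth1 192.0.2.10 | find_open_udp_rules \
    && echo "generated policy: no open-ended UDP accept rule"
open_udp_sample | find_open_udp_rules || echo "^ rules above leave UDP open"
```

The generated text covers only the FORWARD chain; merge it into the firewall's saved ruleset rather than loading it alone, since iptables-restore replaces the whole filter table by default. Piping `iptables-save` into `find_open_udp_rules` audits a live ruleset the same way.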