Hi All,
Running RHAS-3 and attempting to run tftp server in a non-nat'd environment.
My iptables look similar to this:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Pass all on the loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Allow already est or rel connex back in
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# TFTP
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
# Allow already known connex back in
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
These rules allow me to connect to udp port 69 on the tftp server, but since tftp chooses a random high port to read/write, the communication stops there.
I've tried loading the ip_conntrack_tftp module:
modprobe ip_conntrack_tftp
but this still doesn't allow the transfer of files.
Has anyone seen this? Am I doing something wrong? Or is the module not designed to work in this manner? Or is this a bug in the module?
I'd prefer not to allow all udp ports outbound.
TIA, Harry
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
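An added example, not part of Harry's post or of the redhat-list thread, showing the ruleset the post is aiming for written out as an iptables-restore file, plus the two checks a practitioner would run before blaming the module: is the conntrack TFTP helper actually loaded, and is UDP/69 really the only inbound hole. The point of the helper is that the server's reply from a random high port is tagged RELATED to the request on port 69, so the existing RELATED,ESTABLISHED rules accept it without opening all UDP ports. It goes beyond the page's 2.4-era kernel in one respect: on kernels from 4.7 on, automatic helper assignment is off by default (and the sysctl that re-enabled it was removed in 6.0), so a raw-table CT rule must bind the helper to port 69 explicitly; that rule is included as a separate function. The function names, the module-file path argument and the sample /proc/modules lines are this example's own assumptions and constructed data.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the TFTP server listens
# on UDP/69 only and that the conntrack TFTP helper does the rest.

# Emit a complete iptables-restore filter ruleset. The only inbound hole is
# UDP/69; the random high-port data exchange is accepted because the tftp
# helper marks it RELATED to the port-69 request, so no "allow all UDP" rule.
tftp_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Pass all on the loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Allow already established or related connections back in
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# TFTP request (the only NEW traffic accepted from outside)
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
# Server replies from a random high port are RELATED (tftp helper), not NEW
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Raw-table fragment for kernels >= 4.7, where helpers are no longer assigned
# automatically: bind the tftp helper to requests on UDP/69. Not needed on the
# 2.4 kernel in the post, where loading ip_conntrack_tftp was enough.
tftp_ct_helper_rules() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp --dport 69 -j CT --helper tftp
COMMIT
EOF
}

# Return 0 if a conntrack TFTP helper is listed in the given modules file
# (/proc/modules on a real host). 2.4 kernels name it ip_conntrack_tftp,
# 2.6 and later name it nf_conntrack_tftp.
helper_loaded() {
    grep -Eq '^(ip|nf)_conntrack_tftp ' "$1"
}

# Count rules that accept NEW traffic; for this server it should be exactly 1.
count_new_rules() {
    tftp_ruleset | grep -c -- '--state NEW'
}

# Stand-alone run: print the ruleset and report on the helper of this host.
if [ "${1:-}" = "--show" ]; then
    tftp_ruleset
    if helper_loaded /proc/modules; then
        echo "# conntrack tftp helper: loaded"
    else
        echo "# conntrack tftp helper: NOT loaded (modprobe ip_conntrack_tftp / nf_conntrack_tftp)"
    fi
fi
```

Run it with --show on the TFTP host to print the ruleset and the helper status; feed the ruleset to iptables-restore only after the helper check passes, because with the helper absent the second RELATED rule never matches and transfers stall exactly as described in the post.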