From: Carlos Munoz <carlos@kenati.com>
To: netfilter@lists.netfilter.org
Subject: Configuring iptables to allow tftp traffic on kernel 2.6.14
Date: Wed, 18 Jan 2006 15:42:45 -0800
Message-ID: <43CED275.4060804@kenati.com>

Hi all,

I hope this is the right forum for this question. I tried to search the 
archives but did not find a search function.

I'm trying to configure iptables to allow tftp traffic that originates 
from the Linux box. I can tftp files as long as the policy for the INPUT 
chain is ACCEPT. Once I enter the following rules, I can't tftp any files.

/carlos # uname -a
Linux carlos-npgateway 2.6.14.6-2.0.0-95 #4 Tue Jan 17 19:17:28 PST 2006 armv5tejl unknown
/carlos #
/carlos #
/carlos # iptables -P INPUT DROP
/carlos # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/carlos #
/carlos #
/carlos # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain NPFORWARDCHAIN (0 references)
target     prot opt source               destination

The connection tracking module for tftp is loaded:

/carlos # lsmod
Module                  Size  Used by
ip_nat_tftp             1920  0
ip_conntrack_tftp       4400  1 ip_nat_tftp
phone_mrvl            100852  2
phonedev                4224  3 phone_mrvl
/carlos #


Connection tracking reports the following connections:

/carlos # cat /proc/net/ip_conntrack
udp      17 24 src=192.168.1.75 dst=192.168.1.8 sport=3080 dport=69 [UNREPLIED] src=192.168.1.8 dst=192.168.1.75 sport=69 dport=3080 use=1
/carlos #
/carlos #
/carlos # cat /proc/net/ip_conntrack_expect
292 proto=17 src=192.168.1.8 dst=192.168.1.75 sport=69 dport=3080
/carlos #

Does anyone know what I need to do to get this to work? Thanks in 
advance for your help.


Carlos Munoz
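
An added example, not part of the original message: a small Python parser for the two /proc listings quoted above that pairs each expectation with the tracked flow whose reply tuple it equals and reports whether that flow is still UNREPLIED. The sample input is constructed from the output in the message, and the function names are hypothetical.

```python
import re

# Constructed sample input, copied from the two /proc listings in the message.
CONNTRACK = (
    "udp      17 24 src=192.168.1.75 dst=192.168.1.8 sport=3080 dport=69 "
    "[UNREPLIED] src=192.168.1.8 dst=192.168.1.75 sport=69 dport=3080 use=1\n"
)
EXPECT = "292 proto=17 src=192.168.1.8 dst=192.168.1.75 sport=69 dport=3080\n"
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def _tuples(line):
    """Return every (src, dst, sport, dport) tuple found in one line."""
    return [(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE_RE.findall(line)]

def parse_conntrack(text):
    """Parse ip_conntrack lines into dicts holding original and reply tuples."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        tuples = _tuples(line)
        if len(fields) < 3 or not fields[1].isdigit() or len(tuples) != 2:
            continue  # blank line or an entry without ports (e.g. ICMP)
        flows.append({"proto": int(fields[1]), "orig": tuples[0],
                      "reply": tuples[1], "unreplied": "[UNREPLIED]" in fields})
    return flows

def parse_expect(text):
    """Parse ip_conntrack_expect lines into protocol number and tuple."""
    exps = []
    for line in text.splitlines():
        m = re.search(r"proto=(\d+)", line)
        tuples = _tuples(line)
        if m and len(tuples) == 1:
            exps.append({"proto": int(m.group(1)), "tuple": tuples[0]})
    return exps

def correlate(flows, exps):
    """Pair each expectation with the flow whose reply tuple it equals."""
    return [(f, e) for e in exps for f in flows
            if f["proto"] == e["proto"] and f["reply"] == e["tuple"]]

if __name__ == "__main__":
    for f, e in correlate(parse_conntrack(CONNTRACK), parse_expect(EXPECT)):
        state = "UNREPLIED" if f["unreplied"] else "replied"
        print(f"{f['orig']} -> expectation {e['tuple']} ({state})")
```

On a system like the one in the message, the same functions can be fed the contents of /proc/net/ip_conntrack and /proc/net/ip_conntrack_expect instead of the constructed strings.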

