From: "Gautham Thavva" <gautham.thavva@lycos.com>
To: netfilter@lists.netfilter.org
Subject: TFTP Connection Tracking Issue...
Date: Wed, 29 Oct 2003 17:14:11 -0400
Message-ID: <NGNKFNPLIENKNDAA@mailcity.com>


I have enforced a firewall, using iptables-1.2.6a, on a Redhat 7.2 host (Kernel version is 2.4.7-10).

I have applied the *tftp* patch available in the patch-o-matic. The patch has not helped in tracking the TFTP session.

The TFTP client sends the Read request to the server. The server sends the Data block but there is no acknowledgement from the client.

After enabling the debug prints, I have noticed that:
1. the tuple for the connection is created
2. enters and exits out of *ip_conntrack_expect_related* function
3. through the netfilter hook, enters the *resolve_normal_ct* function. It however doesn't find the connection tracking tuple. It finds that the incoming packets are *related* packets and it accepts that packet.

However, the TFTP transfer times out.

----------------
Later I added a rule specifying the destination port of the tftp session and noticed that the *related* packets became *normal* packets for that connection.

The following is a snippet of the iptables rules for the TFTP protocol:

### TFTP ###
$IPTABLES -A allowed_udp -p UDP -m state --state RELATED -j ACCEPT
$IPTABLES -A udp_packets -p UDP -s 0/0 --sport 69 -j allowed_udp

Please can someone share their insight and assist me in resolving the TFTP connection tracking problem.

Thanks,
Gautham Thavva
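
Added example, not part of the original message: a simplified Python model of how a TFTP conntrack helper's expectation classifies the packets of a read transfer, evaluated against the two rules quoted above. The addresses, ports, class and function names are constructed, and the model assumes those two rules are the only path into allowed_udp.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    """Toy tracker: exact-match flows plus helper-created expectations."""
    def __init__(self):
        self.flows = set()         # (src, sport, dst, dport), both directions
        self.expectations = set()  # (src, dst, dport); source port is wildcarded

    def classify(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.flows:
            return "ESTABLISHED"
        exp = (p.src, p.dst, p.dport)
        state = "RELATED" if exp in self.expectations else "NEW"
        self.expectations.discard(exp)
        self.flows.update({key, (p.dst, p.dport, p.src, p.sport)})
        if state == "NEW" and p.dport == 69:
            # TFTP helper: the server replies from a newly chosen port (RFC 1350),
            # so expect server -> client:sport from ANY source port.
            self.expectations.add((p.dst, p.src, p.sport))
        return state

def udp_packets_verdict(p, state):
    """The two rules from the message (assumed to be the only ones that apply)."""
    if p.sport == 69:            # -A udp_packets -p UDP -s 0/0 --sport 69 -j allowed_udp
        if state == "RELATED":   # -A allowed_udp -p UDP -m state --state RELATED -j ACCEPT
            return "ACCEPT"
    return "no match"            # falls through to whatever follows in the chain

def trace(packets):
    ct = Conntrack()
    return [(s, udp_packets_verdict(p, s)) for p in packets for s in [ct.classify(p)]]

CLIENT, SERVER = "192.0.2.10", "192.0.2.20"   # constructed sample addresses
SAMPLE = [
    Packet(CLIENT, 40000, SERVER, 69),      # RRQ to the well-known port
    Packet(SERVER, 50000, CLIENT, 40000),   # DATA block 1 from the server's new port
    Packet(CLIENT, 40000, SERVER, 50000),   # ACK to that new port
]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE, trace(SAMPLE)):
        print(pkt, result)
```

In this model the first DATA packet is classified RELATED, but its source port is the server's new port rather than 69, so the `--sport 69` jump never hands it to `allowed_udp`.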