From: Ralph Blach <chipper@us.ibm.com>
To: netfilter@lists.netfilter.org
Subject: Getting Tftp to run with this Rule set
Date: Thu, 11 Aug 2005 09:16:34 -0400
Message-ID: <42FB4FB2.5020904@us.ibm.com>
I have a Fedora Core 3 x86_64 box running with this rule set as generated by the Fedora
firewall bring-up. Eth1 is a trusted interface, and is the private network.
DHCP runs fine, and returns a file name, yet tftpd does not run, getting a port rejected.
I have two Ethernets in my box:
10.0.0.1 and a.b.c.d. The 10.0.0.x is the private network and the a.b.c.d is my public network.
Everything works fine except tftpd, which gets this error:
08:45:49.945234 IP 10.0.0.10.2593 > 10.0.0.1.32819: UDP, length 4
08:45:49.945261 IP 10.0.0.1 > india10: icmp 40: 10.0.0.1 udp port 32819 unreachable
08:45:52.612474 IP 10.0.0.10.2593 > 10.0.0.1.32819: UDP, length 4
08:45:52.612521 IP 10.0.0.1 > india10: icmp 40: 10.0.0.1 udp port 32819 unreachable
What rule set do I add so that ports on eth1 above 1024 will be accessible on eth1 and tftp will work?
Thanks
Chip
Here is the rule set
/etc/rc.d/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.0.0.0/24 0.0.0.0/0 to:a.b.c.d
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
--
Ralph "Chip" Blach
chipper@us.ibm.com
IBM Linux Technology Center
Raleigh, North Carolina
919 543 1207
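The post asks for rules opening every port above 1024 on eth1; the following added example (not from the thread, Fedora or netfilter) shows the narrower fix of loading the TFTP conntrack helper and accepting only udp/69 on the trusted interface, plus a check on the quoted trace. It assumes the RH-Firewall-1-INPUT chain and eth1 from the post, and the 2005-era ip_conntrack_tftp module name (nf_conntrack_tftp on current kernels).

```shell
#!/bin/sh
# Added example (not from the thread): allow TFTP on the trusted interface without
# opening every UDP port above 1024, plus a check that tells a firewall REJECT apart
# from the kernel's own "port unreachable". Assumes the Fedora RH-Firewall-1-INPUT
# chain shown in the post; TRUSTED_IF=eth1 follows the poster's description.
TRUSTED_IF=${TRUSTED_IF:-eth1}
CHAIN=${CHAIN:-RH-Firewall-1-INPUT}
DRY_RUN=${DRY_RUN:-0}   # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# The TFTP conntrack helper watches the request sent to udp/69 and marks the server's
# reply from a fresh ephemeral port (32819 in the trace) as RELATED, so the existing
# "state RELATED,ESTABLISHED" rule accepts the rest of the transfer. ip_conntrack_tftp
# is the 2.6-era module name; nf_conntrack_tftp is the current one.
load_tftp_helper() {
    run modprobe ip_conntrack_tftp 2>/dev/null || run modprobe nf_conntrack_tftp
}

# Accept only NEW requests to udp/69 arriving on the trusted interface; -I places the
# rule ahead of the chain's final REJECT.
add_tftp_rule() {
    run iptables -I "$CHAIN" -i "$TRUSTED_IF" -p udp --dport 69 \
        -m state --state NEW -j ACCEPT
}

# Dry-run rendering of the rule, for review before applying it.
tftp_rule_text() {
    ( DRY_RUN=1; add_tftp_rule )
}

# Classify one tcpdump ICMP line. REJECT --reject-with icmp-host-prohibited yields
# "host ... unreachable - admin prohibited" (type 3, code 10); "udp port N unreachable"
# (code 3) is generated by the UDP stack when no socket is bound, not by that REJECT.
classify_icmp() {
    case "$1" in
        *"admin prohibited"*) echo "firewall-reject" ;;
        *"udp port "*" unreachable"*) echo "no-listener" ;;
        *) echo "other" ;;
    esac
}

# Constructed sample: the ICMP line quoted in the post.
SAMPLE='08:45:49.945261 IP 10.0.0.1 > india10: icmp 40: 10.0.0.1 udp port 32819 unreachable'

if [ "${1:-}" = "apply" ]; then load_tftp_helper; add_tftp_rule; fi
# Usage: sh tftp_rules.sh apply   (or DRY_RUN=1 sh tftp_rules.sh apply to preview)
```

Note that the quoted trace shows "udp port 32819 unreachable", which the chain's icmp-host-prohibited REJECT does not produce, so the firewall may not be what is refusing the transfer.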