[Asterisk-Users] TFTP Secondary Ports

Rich Adamson radamson at routers.com
Wed Aug 3 06:51:38 MST 2005 

Just a data point... tftp works just fine in RHv9 and FC3 with remote
7960's. Images, config files, etc, get transferred correctly every time,
and the 7960's are between elcheapo firewall boxes.

If you really want to restrict who can access the tftp server, run one
of the firewall app's on the linux server.

------------------------

> I understand. However, Im successfully managing this without any problems using a Windows 
tftp server by www.winagents.com. This
> software allows you to limit secondary transfer connections to a range of IPs. Therefore you 
only need to open up port 69 and the range
> you specify. Everything just works!
> 
>  
> 
> I would like to move the solution to Linux for a couple reasons. However, It looks like the 
default tftp server does not support this feature
> and that is why you were going crazy. The number of ports you must open is ridiculous for 
tftp. However, I just found a seemingly robust
> linux version with firewall support offered by weirdsolutions. It looks promising. 
http://www.weirdsolutions.com/
> 
>  
> 
> Chad
> 
>  
> 
> 
-----------------------------------------------------------------------------------------------
-----------
> 
>        From: asterisk-users-bounces at lists.digium.com 
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Carlos
>                                    Sent: Wednesday, August 03, 2005 12:10 AM
>                              To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
>                                  Subject: RE: [Asterisk-Users] TFTP Secondary Ports
> 
>                                                      
> 
>                                                  hey chad,
> 
>                                                      
> 
>      just a heads up tftp is one of the worst protocols to use when your behind a nat or firewall it drove me pretty crazy a while ago.
> 
>                                                      
> 
>                                                Carlos Alcantar
>                                            Race Technologies, Inc.
>                                               101 Haskins Way
>                                          South San Francisco, CA 94080
>                                                P: 650.246.8900
>                                                F: 650.246.8901
>                                              E: carlos at race.com
> 
>                                                      
> 
> ----------------------------------------------------------------------------------------------------------
> 
>      From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chad Brown
>                                      Sent: Tuesday, August 02, 2005 10:46 PM
>                                        To: asterisk-users at lists.digium.com
>                                   Subject: [Asterisk-Users] TFTP Secondary Ports
> 
> Im publishing tftp through my firewall to support external Cisco 7960 sip phones. I know that the primary port is 69 for tftp. However, tftp
> also uses secondary ports ranging from 1,0XX to 30,XXX. ( A broad range) In an effort to limit the secondary ports that are opened, some
>  Windows based tftp server such as the winagents product allows you to limit the range of secondary ports that are used allowing you to
>                                     somewhat tighten firewall publishing rules.
> 
>                                                      
> 
>                              Does anyone know how to do this using the linux tftp server?
> 
>                                                      
> 
>                                                Thanks, Chad
---------------End of Original Message-----------------

More information about the asterisk-users mailing list