 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Christian Oswald" <coswald at dls dot net>, <brwatters at abs dash internet dot com>, <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] TFTP and m0n0wall
 Date:  Tue, 29 Nov 2005 14:50:33 +0100
Even Check Point fails in allowing TFTP, even if both sides have a public
IP and no NAT is involved.

J.

-- 
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
jonathan dot de dot graeve at imelda dot be

---------
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
---------

-----Original Message-----
From: Christian Oswald [mailto:coswald at dls dot net] 
Sent: Tuesday, 29 November 2005 0:58
To: brwatters at abs dash internet dot com; m0n0wall dash dev at lists dot m0n0 dot ch
Subject: RE: [m0n0wall-dev] TFTP and m0n0wall

I submitted some posts maybe 6 months ago on this subject. I experienced
the same issue. Nobody really wants to resolve this issue. Should just
be a matter of implementing a TFTP fixup/helper. The problem with TFTP
is that it goes out on port 69 but comes back on a random port. The only
way to fix this is 1:1 NAT (which is a waste of IPs).

With all these hosted VoIP providers coming into play it is only a
matter of time before someone realizes that this fix needs to be
implemented.

I've gotten around this using 2 different methods, one is using the
IPCop firewall and the other is that my company is developing an
OpenBSD-based firewall (almost complete).

I can help you out with any deployment problems you may have, just email
me off list.

Thanks,
   
Christian 
DLS Internet Services
coswald at noc dot dls dot net


-----Original Message-----
From: Brian Watters [mailto:brwatters at abs dash internet dot com] 
Sent: Monday, November 28, 2005 5:47 PM
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: [m0n0wall-dev] TFTP and m0n0wall

Here is our problem currently .. We are deploying lots of Cisco 7960 IP
phones behind m0n0wall firewalls and getting TFTP traffic blocked by
the firewall .. We have allowed UDP 69 in from our soft switches but
still we have failures .. Anyone have this sort of install working now
and if so how?

Ideas?

BRW


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
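
The behaviour described in the thread (request sent to port 69, reply arriving from a different port) and the effect of a TFTP helper, as an added example that is not part of the original messages and not m0n0wall's code. It is a simplified Python model of a stateful UDP filter; the class, function names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

TFTP_PORT = 69

@dataclass
class StatefulFilter:
    """Toy model: outbound traffic is allowed, inbound needs state or an expectation."""
    tftp_helper: bool = False
    states: set = field(default_factory=set)        # exact (src, sport, dst, dport) allowed inbound
    expectations: set = field(default_factory=set)  # (server, client, client_port), any server port

    def outbound(self, src, sport, dst, dport):
        """Packet leaving the protected network: creates state for the exact reply tuple."""
        self.states.add((dst, dport, src, sport))
        if self.tftp_helper and dport == TFTP_PORT:
            # Helper: the server answers a port-69 request from a newly chosen port (RFC 1350 TID).
            self.expectations.add((dst, src, sport))

    def inbound(self, src, sport, dst, dport):
        """Packet arriving from outside: accepted only on a state or expectation match."""
        if (src, sport, dst, dport) in self.states:
            return True
        if (src, dst, dport) in self.expectations:
            # One-shot: pin the flow to the port the server chose, then drop the expectation.
            self.expectations.discard((src, dst, dport))
            self.states.add((src, sport, dst, dport))
            return True
        return False

def simulate(tftp_helper):
    """Run one TFTP read through the filter; returns (first_data, second_data, stray_host)."""
    fw = StatefulFilter(tftp_helper=tftp_helper)
    phone, server = "192.0.2.10", "198.51.100.5"     # constructed documentation addresses
    fw.outbound(phone, 50000, server, TFTP_PORT)     # read request to port 69
    first = fw.inbound(server, 3456, phone, 50000)   # DATA block 1 from the server's new port
    second = False
    if first:                                        # the client only ACKs data it received
        fw.outbound(phone, 50000, server, 3456)      # ACK goes to the new port
        second = fw.inbound(server, 3456, phone, 50000)
    stray = fw.inbound("203.0.113.9", 3456, phone, 50000)  # unrelated host, same ports
    return first, second, stray
```

Without the helper the first data packet matches no state, so the transfer never starts; with it, only the server the request was sent to can open the return flow.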