Getting TFTP to run with this rule set

Ralph Blach chipper at us.ibm.com
Thu Aug 11 15:16:34 CEST 2005


I have a Fedora Core 3 x86_64 box running with this rule set as generated by the Fedora
firewall bring-up.  Eth1 is a trusted interface, and is the private network.
dhcp runs fine, and returns a file name, yet tftpd does not run; I am getting a port rejected.

I have two ethernets in my box.

10.0.0.1 and a.b.c.d.  The 10.0.0.x is the private network and a.b.c.d is my public network.

Everything works fine except tftpd, which gets this error:

08:45:49.945234 IP 10.0.0.10.2593 > 10.0.0.1.32819: UDP, length 4
08:45:49.945261 IP 10.0.0.1 > india10: icmp 40: 10.0.0.1 udp port 32819 unreachable
08:45:52.612474 IP 10.0.0.10.2593 > 10.0.0.1.32819: UDP, length 4
08:45:52.612521 IP 10.0.0.1 > india10: icmp 40: 10.0.0.1 udp port 32819 unreachable
What rule set do I add so that ports above 1024 on eth1 will be accessible and tftp will
work?

Thanks

Chip

Here is the rule set
/etc/rc.d/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.0.0.0/24          0.0.0.0/0           to:a.b.c.d

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

-- 
Ralph "Chip" Blach
chipper at us.ibm.com
IBM Linux Technology Center
Raleigh, North Carolina
919 543 1207
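The post asks which rule to add so that tftpd's data channel works through the Fedora-generated chain above. The script below is an added example, not part of the original message or of the Fedora firewall tooling; it assumes the TFTP server is the firewall box itself, that eth1 is the trusted interface, and that the chain is named RH-Firewall-1-INPUT exactly as in the `iptables status` output. It does two things a practitioner would want before changing anything: it classifies the ICMP seen in the tcpdump trace (iptables' `REJECT --reject-with icmp-host-prohibited` is ICMP type 3 code 10, which tcpdump prints as "admin prohibited filter", whereas "udp port N unreachable" is type 3 code 3 and comes from the kernel when no socket is bound to N), and it emits the rules to open TFTP on the trusted interface, inserted ahead of the chain's final REJECT. Note also that plain `iptables -L` hides the `-i`/`-o` interface match, which is why the two "ACCEPT all" rules at the top of the chain show no interface; `iptables -L -n -v` displays it.

```shell
#!/bin/sh
# Added example, not from the original post.  Assumptions: the TFTP server is
# the firewall box itself, eth1 is the trusted interface, and the distro chain
# is RH-Firewall-1-INPUT exactly as shown in the post's "iptables status".
set -eu

# Step 1: decide who produced the ICMP seen in the tcpdump trace.
# iptables' "REJECT --reject-with icmp-host-prohibited" is ICMP type 3 code 10,
# which tcpdump prints as "host X unreachable - admin prohibited filter".
# "udp port N unreachable" is type 3 code 3, sent by the kernel because no
# socket is bound to port N, i.e. the packet had already passed the filter.
classify_icmp() {
    case "$1" in
        *"admin prohibited"*)           echo firewall-reject ;;
        *"udp port "*" unreachable"*)   echo closed-port ;;
        *)                              echo other ;;
    esac
}

# Run a command, or only print it when DRY_RUN=1, so the rule set can be
# reviewed before it touches a live firewall.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Step 2: open TFTP on the trusted interface only.  The rule is inserted at
# position 1 of RH-Firewall-1-INPUT so it precedes the chain's final REJECT.
tftp_rules() {
    iface="$1"
    # TFTP connection-tracking helper (named nf_conntrack_tftp on current
    # kernels).  It ties the server's data channel, which leaves from a fresh
    # port above 1024, to the port-69 request as RELATED.  That matters when
    # this box NATs or forwards TFTP for other hosts (it does SNAT 10.0.0.0/24);
    # for a tftpd running locally the client's ACKs are replies to the server's
    # own outgoing packets and already match the RELATED,ESTABLISHED rule, so
    # no range of high UDP ports has to be opened.
    run modprobe ip_conntrack_tftp
    # Control channel: RRQ/WRQ to port 69, trusted interface only.
    run iptables -I RH-Firewall-1-INPUT 1 -i "$iface" -p udp --dport 69 \
        -m state --state NEW -j ACCEPT
}

# Step 3: show the chain with the interface column visible.  Plain "iptables -L"
# omits the -i/-o match, which is why the two "ACCEPT all" rules in the post
# carry no interface; -v prints it.
show_rules() {
    run iptables -L RH-Firewall-1-INPUT -n -v --line-numbers
}

# Driven by environment variables so the functions can be sourced and tested,
# e.g.:  DRY_RUN=1 TFTP_ACTION=apply TFTP_IFACE=eth1 sh tftp-firewall.sh
case "${TFTP_ACTION:-}" in
    apply) tftp_rules "${TFTP_IFACE:-eth1}"; show_rules ;;
esac
```

Run it first with `DRY_RUN=1` to see the exact commands, then without to apply them; feed the ICMP lines from the trace to `classify_icmp` to confirm whether the REJECT rule or a closed socket is answering before adding any rule.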