Getting Tftp to run with this Rule set

/dev/rob0 rob0 at gmx.co.uk
Thu Aug 11 19:37:12 CEST 2005


On Thursday 2005-August-11 08:16, Ralph Blach wrote:
> I have a Fedora 3 core 86_64 box running with this rule set as
> generated by the fedora firewall bring up.  Eth1 is a trusted

I haven't seen it recently, but I know that older versions of Fedora 
(and Red Hat) default firewalls are utterly useless. If you want to 
learn iptables yourself, fine; if not, look on freshmeat for something 
better. Just about anything you might find is probably better.

At this time I don't have something specific I can recommend. Before I 
learned iptables I used MonMotha's, but that's too complicated for my 
liking.

> What rule set do I add so that ports on eth1 above 1024 will be
> accessible on eth1 and tftp will work?

Wrong question. Use stateful inspection as described in the Packet 
Filtering HOWTO. The ipchains-style approach of opening high ports is a 
terrible idea, completely unnecessary with iptables.

I could answer your question, but I won't. It is documented in the 
manual, of course.

> Here is the rule set
> /etc/rc.d/init.d/iptables status

No, that's not. It doesn't tell us much at all. iptables-save(8) output 
is far more useful.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
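
An added example, not part of the original post: a shell function that audits iptables-save(8) output for the two things the reply contrasts, blanket high-port ACCEPT rules and a stateful ESTABLISHED/RELATED rule. Both rule sets are constructed samples; `eth1` comes from the post, while the function names, the 1000-port threshold and the assumption that the box is the TFTP server are illustrative.

```shell
# Constructed sample: ipchains-style rules that open every high port on eth1.
weak_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: stateful rules, assuming this box is the TFTP server.
# The server's replies leave from a new port (OUTPUT is open), so the
# client's follow-up packets to that port are ESTABLISHED; no high port is
# opened. A TFTP client would also need the conntrack TFTP helper loaded so
# the server's reply from a new port is classified RELATED.
stateful_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin; report wide --dport ranges accepted on
# INPUT and a missing ESTABLISHED rule. Exit status 1 if anything is reported.
audit_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        for (i = 3; i < NF; i++) {
            if (($i == "--state" || $i == "--ctstate") && $(i+1) ~ /ESTABLISHED/) stateful = 1
            if ($i == "--dport" && split($(i+1), r, ":") == 2 && r[2] - r[1] >= 1000) {
                print "WIDE-RANGE: " $0; wide++
            }
        }
    }
    END {
        if (!stateful) print "NO-STATE-RULE: INPUT never accepts ESTABLISHED traffic"
        exit (wide > 0 || !stateful)
    }'
}
```

On a live system the same check runs as `iptables-save | audit_rules`, which needs root to read the rule set.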


