Can anyone help me figure out if I'm doing something wrong? Is the issue with the TFTP helper? Why would its behaviour have changed from Debian 8/Jessie? I did this same setup on several Debian 8/Jessie setups about a year ago and the TFTP helper worked as expected and I never had any issues. I won't clutter this post anymore if I can avoid it, but what's shown by tcpdump udp and host 1.1.1.1 confirms exactly what iptables and conntrack are showing me. But, as you'll see, the connection is only routed back to the client if the source port from the server is port 69 (regular old NAT)! Why is this? This is not the correct behaviour as far as I can tell. As you can also see, the expectation created in the EXPECT table has source port 0, which I assume means "any port".

Pkts bytes target prot opt in out source destination
59 2504 CT udp - * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 280K packets, 36M bytes)
Chain POSTROUTING (policy ACCEPT 398 packets, 40794 bytes)
5678 349K MASQUERADE all - * enp1s0 0.0.0.0/0 0.0.0.0/0
All tables have default ACCEPT policy:
= RAW Table =
Chain PREROUTING (policy ACCEPT 464K packets, 432M bytes)

Iptables on the router has the following rules. The result is that the router NATs the connection from the client to the server, sets up a translation rule for the return connection and happily waits for a return packet from the server with source port=69 that never arrives. According to RFC1350, the server is supposed to choose a random source port for its communication and direct it to the port that the client used as a source port originally (whew.). So only the regular MASQUERADE connection tracking is being used even though the conntrack table shows the expected return connection.
The trouble I'm having is that the TFTP helper sets up an expectation for the return tftp connection (as expected) but, despite this, only traffic from port 69 on the TFTP server is getting translated and sent back to the client. I have configured iptables to use the Netfilter TFTP helper for tftp connections going to the TFTP server. The router is running iptables and is set to masquerade connections from the client's network to the server's network. They are connected via a router (Machine 'R').

I'm pretty sure I don't want to power cycle the router since if I do, the router will REALLY be stupid and I'll be hosed! I was able to delete the router's flash but wasn't able to transfer the new flash to the router. The router can see my PC and the router is basically naked.

SCW_RTR#$12/ flash:
Destination filename ?