Hi,

IMHO, assuming that the server sits inside the firewall and the client PC is outside, you just have to open UDP port 69 for the client PC. Since you are not blocking any outbound ports (as is the normal case), you should not have any probs.

But you might also want to consider the following:

a) What after TFTP?
b) You might have to allow DHCP requests inside your firewall (which is a big NO-NO)
c) All other protocols like XDMCP etc.

A more elegant solution is to use VNC if you're trying to connect from across the world (which is why the firewall). Real VNC now supports up to 1024 bit AES encryption (Commercial).

आशीष शुक्ला "Wah Java !!" <[EMAIL PROTECTED]> wrote:

Hi ilugd@lists.linux-delhi.org,

I want to boot TFTP across my firewall (set up using iptables). I've blocked all UDP traffic except selective ones (which includes TFTP port 69 also). Although I'm not good at networking in Linux, somehow I set up a firewall using Firewall-HOWTO. The problem is I'm unable to boot my other PC via TFTP.

The problems in TFTP protocol:

1. Client sends TFTP request to server on port 69 over UDP.
2. Server replies to client but from a different port (chosen randomly), say X, over UDP.
3. And then subsequent TFTP requests from that client have to be sent to port X over UDP.

Some articles are:
http://www.firewall.cx/tftp.php
http://www.unix.org.ua/orelly/networking_2ndEd/fire/ch17_02.htm
http://www.google.co.in/search?q=tftp+firewall

So, I don't want to open all my UDP ports. So is there any other way also?

Thanx in advance,
Ashish Shukla alias Wah Java !!

Wah Java !!
--
Ashish Shukla "Wah Java !!" आशीष शुक्ला
  ,= ,-_-. =.
 ((_/)o o(\_))
  `-'(. .)`-'
      \_/
My blah, blah, blah at http://wahjava.blogspot.com/
My webpages at http://www.geocities.com/wah_java_dotnet/
My GPG Fingerprint: BBA9 AD7D BA71 61EB BE46 8CF5 E44A C663 A03F 4261
--
Supercomputers are for people too rich and too stupid to design efficient algorithms
-- Steven Skiena, Department of Computer Science, SUNY Stony Brook.

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

catch ya later (I've gotta UnWire Life!!!)
shiv
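
The three-step exchange listed in the original post, run on loopback as an added example (not part of either message): an OS-assigned port stands in for UDP 69 so no root is needed, and the file name, payload and `passes_port_only_filter` helper are constructed for illustration. It shows that only the first packet carries the well-known destination port, so a rule matching on that port alone does not cover the rest of the transfer.

```python
import socket
import struct
import threading

RRQ, DATA, ACK = 1, 3, 4          # TFTP opcodes (RFC 1350)
LOOPBACK = "127.0.0.1"

def serve_once(listen_sock, payload):
    """Answer one read request the way a TFTP server does: from a fresh port."""
    _req, client = listen_sock.recvfrom(516)
    xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    xfer.bind((LOOPBACK, 0))                      # port X, picked by the OS
    xfer.sendto(struct.pack("!HH", DATA, 1) + payload, client)
    xfer.settimeout(2)
    xfer.recvfrom(4)                              # the ACK arrives on port X
    xfer.close()

def run_exchange(payload=b"constructed boot image bytes"):
    """Run RRQ -> DATA -> ACK; return (well_known_port, flows, received data)."""
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind((LOOPBACK, 0))                    # assumption: stands in for UDP 69
    well_known = listen.getsockname()[1]
    server = threading.Thread(target=serve_once, args=(listen, payload))
    server.start()
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.bind((LOOPBACK, 0))
    cli.settimeout(2)
    cport = cli.getsockname()[1]
    cli.sendto(struct.pack("!H", RRQ) + b"boot.img\0octet\0", (LOOPBACK, well_known))
    pkt, (_, x) = cli.recvfrom(516)               # DATA comes from port X, not 69
    cli.sendto(struct.pack("!HH", ACK, 1), (LOOPBACK, x))
    server.join()
    cli.close()
    listen.close()
    flows = [("RRQ", cport, well_known), ("DATA", x, cport), ("ACK", cport, x)]
    return well_known, flows, pkt[4:]

def passes_port_only_filter(flow, allowed_dport):
    """Hypothetical stateless rule: accept only if the destination port matches."""
    _name, _sport, dport = flow
    return dport == allowed_dport

if __name__ == "__main__":
    port, flows, _data = run_exchange()
    for flow in flows:
        print(flow, "ACCEPT" if passes_port_only_filter(flow, port) else "DROP")
```
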