Home > Asterisk, ipcop, networking, trixbox pro, VoIP > TFTP through IPCOP or other iptables firewalls

TFTP through IPCOP or other iptables firewalls

TFTP uses UDP packets. The client connects from a random port to port 69, then the server connects back to the original port. This does not survive NAT (network address translation), possibly not on either end. trixbox pro and many other phone systems use TFTP for provisioning phones, so this is a problem for remote phones. Here is a fix that allows tftp traffic through an iptables based firewall (IPCop in this example).

You will need to enable ssh on the firewall and connect a session. IPCop uses non-standard port 222, and can usually only be connected to from the internal (green) network.

nano /etc/rc.d/rc.network

add these two lines:
modprobe ip_conntrack_tftp
modprobe ip_nat_tftp

Save and exit.

For immediate effect, repeat the two lines at the command prompt, or reboot the firewall. I had to repeat this on both firewalls, as IPCop firewalls were on both ends.

If using trixbox pro, you also need to make a few minor changes to the configuration files for the phones in order for the phone to try the correct server. Change the sNNNN.trixbox.fonality.com settings to sNNNNx.trixbox.fonality.com where NNNN is your server number. I modified the file itself. Fonality recommends modifying the phone config on the phone once it is initially configured.

Advertisements
  1. No comments yet.
  1. September 10, 2008 at 7:09 pm

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: