Unable to connect using tftp other than over openvpn

Les Mikesell lesmikesell at gmail.com
Thu Mar 6 18:48:37 UTC 2008


CSB wrote:
>> All the documentation I read when learning to set up tftp stated that
>> it's an insecure protocol ill-suited to sharing stuff over public
>> networks. It's best left for its intended purpose, sharing firmware,
>> boot code and such over networks under one's own control.
>>
>> One of the risks is that, with a default installation[1], anyone who
>> can read your data can change your data.
>>
>> If you control both ends of the VPN then that would seem to meet that
>> guideline.
>>
>> If you want to persist with sharing over the public internet, then look
>> at your firewall rules to see whether
>> 1. There's a problem restricting your transfer
>> 2. You have adequate controls over who can share your data.
>>
> Thanks for the reply. 
> 
> This is for VOIP phone configuration. Some devices require tftp initially
> before then being able to use http. We need the configuration available
> publicly and it's not practical to have these devices connecting over VPN to
> get their configuration.
> 

But you said it did work when you connected through the VPN.  I think 
that points to either firewalling (anywhere on the path between devices, 
and remember that tftp runs over udp when opening ports) or routing. 
Can you connect to the public interface with other protocols, or do 
traceroutes in both directions to see if routes are correct through the 
public side?

-- 
   Les Mikesell
    lesmikesell at gmail.com
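
An added example, not part of the original message: a minimal probe for the firewall check suggested above, which sends one TFTP read request (RFC 1350) over UDP and reports whether any reply comes back and from which source port. The host address, file name and timeout are placeholders chosen for illustration.

```python
import socket
import struct

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5

def build_rrq(filename, mode="octet"):
    """RFC 1350 read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_reply(packet):
    """Classify a server reply as (kind, detail)."""
    if len(packet) < 4:
        return ("malformed", len(packet))
    opcode, value = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:
        return ("data", value)  # value is the block number
    if opcode == OP_ERROR:
        msg = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return ("error", f"{value}: {msg}")
    return ("unexpected", opcode)

def probe(host, filename, port=69, timeout=3.0):
    """Send one RRQ and report what, if anything, comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_rrq(filename), (host, port))
        try:
            packet, peer = s.recvfrom(2048)
        except socket.timeout:
            # Nothing returned: request or reply dropped on the path,
            # or the route back is wrong.
            return {"status": "no-reply", "detail": None, "from": None}
        except OSError as exc:
            # Some platforms surface an ICMP unreachable as a socket error.
            return {"status": "icmp-error", "detail": str(exc), "from": None}
        kind, detail = parse_reply(packet)
        # The server answers from a port it picks itself (its transfer ID),
        # not from 69, so a rule that only allows UDP/69 can pass the
        # request and still drop the reply.
        if kind == "data":
            # End the transfer cleanly instead of leaving the server to retry.
            s.sendto(struct.pack("!HH", OP_ERROR, 0) + b"probe done\0", peer)
        return {"status": kind, "detail": detail, "from": f"{peer[0]}:{peer[1]}"}

if __name__ == "__main__":
    # 192.0.2.10 and example.cfg are placeholders; use your own server and file.
    print(probe("192.0.2.10", "example.cfg"))
```

Running it once against the VPN address and once against the public address of the same server shows whether the public path returns a reply at all; an "error" result still proves that UDP reaches the server and comes back.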



