Tunneling, TFTP

Hello,

There is a computer (call it "X") with TFTP server
is installed on it.
"X" is in a local network and I want to make me
able to access TFTPd on "X" from the internet.
But there is a problem with connecting TFTPd,
because of NAT -- as far as I know, TFTP uses
the same port (69) to replaying, but NAT changes
numbers of ports. So, TFTPd doesn't work.

It is possible to use "tunneling" to solve accessing
TFTPd from the internet problem.

My question: do I have to change something in "X"
(recompiling kernel with some special options;
reconfigurating system) to do tunneling ?
Or "X" doesn't have to know that there is tunneling
and it works in it ?

Thanks in advance,

Vicky.

On Wed, 20 Oct 2004 13:57:17 +0200, Vicky wrote:
> There is a computer (call it "X") with TFTP server
> is installed on it.
> "X" is in a local network and I want to make me
> able to access TFTPd on "X" from the internet.
> But there is a problem with connecting TFTPd,
> because of NAT -- as far as I know, TFTP uses
> the same port (69) to replaying, but NAT changes
> numbers of ports. So, TFTPd doesn't work.

Not necessarily. NAT primarily does IP address "spoofing". It can also
change port numbers, but it does not have to. IIRC, by default it does
not change port numbers. It depends on how you set it up. How are you
connected from your computer "X"? Through a firewall router (my preferred
option)? Directly via cable modem? Directly via ADSL? What software (O/S,
etc.) are you running on computer "X"? Gateway (if any)?

FWIW, I have setup sshd on one of my machines, and I had my firewall
router redirect the sshd port to my server machine. Worked fine. From
"outside" (my brother's PC in another city, via internet) I was able to
reach my firewall router (via cable modem) and it redirected the ssh port
to my server. As far as I could tell, I was talking directly to my server,
even though I was using the IP address of the cable modem side of my
firewall router. Think it through, one step at a time.

While I haven't done this with tftp, I don't see why it wouldn't work.

BTW, depending on where you are accessing your tftp server, you might
actually have two firewall routers and/or two NATs to worry about: one at
each end of your internet connection.

> It is possible to use "tunneling" to solve accessing
> TFTPd from the internet problem.

I believe so, but I don't think you have to go to that complexity.

> My question: do I have to change something in "X"
> (recompiling kernel with some special options;
> reconfigurating system) to do tunneling ?
> Or "X" doesn't have to know that there is tunneling
> and it works in it ?

Whoa! That is getting far too complicated. Should not be necessary.

--
Juhan Leemet
Logicognosis, Inc.

> While I haven't done this with tftp, I don't see why it wouldn't work.

Believe me. Of course I do ports forwarding, as you in your case.
Everything works OK (telnet, my own application), but TFTP not.
I found messages on usenet that it is because TFTP doesn't
like changing port number by NAT.
So, I should reconfigure NAT not to change port number for TFTP,
or use tunneling.


> > My question: do I have to change something in "X"
> > (recompiling kernel with some special options;
> > reconfigurating system) to do tunneling ?
> > Or "X" doesn't have to know that there is tunneling
> > and it works in it ?
>
> Whoa! That is getting far too complicated. Should not be necessary.

OK. So, if I don't change anything in "X", it is not
my problem to do tunneling, but an administrator of
a network.

Vicky.

tftp uses UDP packets. have you checked that you are forwarding udp
packets correctly.

Vicky wrote:
>>While I haven't done this with tftp, I don't see why it wouldn't work.
>
>
> Believe me. Of course I do ports forwarding, as you in your case.
> Everything works OK (telnet, my own application), but TFTP not.
> I found messages on usenet that it is because TFTP doesn't
> like changing port number by NAT.
> So, I should reconfigure NAT not to change port number for TFTP,
> or use tunneling.
>
>
>
>>>My question: do I have to change something in "X"
>>>(recompiling kernel with some special options;
>>>reconfigurating system) to do tunneling ?
>>>Or "X" doesn't have to know that there is tunneling
>>>and it works in it ?
>>
>>Whoa! That is getting far too complicated. Should not be necessary.
>
>
> OK. So, if I don't change anything in "X", it is not
> my problem to do tunneling, but an administrator of
> a network.
>
> Vicky.
>
>

> tftp uses UDP packets. have you checked that you are forwarding udp
> packets correctly.

Other application which uses UDP works.
There is a patch and option in new kernels (CONFIG_IP_NF_TFTP)
to make TFTP working.

Vicky.

Fritz <(E-Mail Removed)> wrote:
> tftp uses UDP packets. have you checked that you are forwarding udp
> packets correctly.

And keep in mind the following: when one is sending read/write
request to TFTP server, only destination port number equals to
69. All subsequent data is exchanged between *different* ports
(ne 69, but gt 1024).

--
andrei