TFTP – not such a trivial protocol

TFTP, the Trivial File Transfer Protocol, isn't as trivial as it seems. While TFTP requests are sent to UDP port 69, the responses do not need to be sourced from UDP port 69 (proof)! Because of that, some firewalls may have problems passing such traffic. On Cisco routers, enabling TFTP inspection is necessary (reflexive ACLs won't work):

Router(config)# ip inspect name inspect_out tftp
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip inspect inspect_out out
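
To see why a reflexive ACL drops the reply while protocol inspection passes it, here is a small model added for illustration (not code from the original post, and not Cisco's implementation). The addresses, ports, file name and the class names ReflexiveAcl and TftpInspect are constructed for the example.

```python
import struct
from collections import namedtuple
# Constructed sample traffic: addresses and ports are made up for illustration.
Pkt = namedtuple("Pkt", "src sport dst dport payload")
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
RRQ = struct.pack("!H", 1) + b"config.txt\0octet\0"   # opcode 1 = read request
DATA1 = struct.pack("!HH", 3, 1) + b"hello"           # opcode 3 = DATA, block 1

flow = [
    Pkt(CLIENT, 50000, SERVER, 69, RRQ),       # outbound request to port 69
    Pkt(SERVER, 40123, CLIENT, 50000, DATA1),  # reply from a port other than 69
]

class ReflexiveAcl:
    """Permits inbound packets only if they mirror an outbound 5-tuple exactly."""
    def __init__(self):
        self.state = set()
    def outbound(self, p):
        self.state.add((p.dst, p.dport, p.src, p.sport))
    def inbound_ok(self, p):
        return (p.src, p.sport, p.dst, p.dport) in self.state

class TftpInspect(ReflexiveAcl):
    """Simplified inspection: parses RRQ/WRQ to port 69, accepts any reply port."""
    def __init__(self):
        super().__init__()
        self.pending = set()
    def outbound(self, p):
        super().outbound(p)
        opcode = struct.unpack("!H", p.payload[:2])[0] if len(p.payload) >= 2 else 0
        if p.dport == 69 and opcode in (1, 2):   # 1 = RRQ, 2 = WRQ
            self.pending.add((p.dst, p.src, p.sport))
    def inbound_ok(self, p):
        if super().inbound_ok(p):
            return True
        key = (p.src, p.dst, p.dport)
        if key in self.pending:
            self.pending.discard(key)             # only the first reply opens it
            self.state.add((p.src, p.sport, p.dst, p.dport))  # pin that port
            return True
        return False

def verdicts(fw):
    """Send the request out through fw, then return its verdict on the reply."""
    fw.outbound(flow[0])
    return fw.inbound_ok(flow[1])

if __name__ == "__main__":
    print("reflexive:", verdicts(ReflexiveAcl()), "inspect:", verdicts(TftpInspect()))
```

The reflexive entry only expects a packet from 192.0.2.10:69, so the reply from port 40123 never matches it; the inspecting filter accepts the first reply from the server to the client's port and then pins that source port for the rest of the transfer.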
