Comcast XB6 Blocking TFTP
Blake Hudson
blake at ispn.net
Mon Mar 25 21:29:35 UTC 2019
You may already be aware, but TFTP - like FTP - is not a NAT friendly
protocol and requires a helper or ALG to inspect the control channel in
order to open up and translate the connections used by the data channel
(which use unrelated high numbered UDP ports). If TFTP is not working
when NAT is enabled, it sounds like that modem does not have a TFTP ALG
included or enabled. I have no experience with that model personally,
but it's not a unique problem. Workarounds are to not use NAT, purchase
a better NAT router, define a DMZ host, or use a NAT friendly protocol
like SCP.
Sorry about SIP. That's also not a NAT friendly protocol, and while some
of the same workarounds still apply there are generally not numerous or
better alternatives like there are for file transfer protocols that
replace FTP/TFTP.
--Blake
Mike Hammett wrote on 3/25/2019 12:18 PM:
> Have any of you seen the Comcast XB6 modem blocking TFTP and some SIP
> requests?
>
> We put the modem into bridge mode and TFTP requests are successful.
> Reset it, set security to the lowest setting, disable the firewall...
> no TFTP requests pass.
>
> Modem\Router - cable - laptop.
>
> Of course we can't call into support because the customer is out of
> town and thus we're unable to authenticate ourselves to support (not
> that we tried).
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190325/16e15508/attachment.html>
More information about the NANOG
mailing list