Comcast XB6 Blocking TFTP

Blake Hudson blake at ispn.net
Mon Mar 25 21:29:35 UTC 2019


You may already be aware, but TFTP - like FTP - is not a NAT friendly 
protocol and requires a helper or ALG to inspect the control channel in 
order to open up and translate the connections used by the data channel 
(which use unrelated high numbered UDP ports). If TFTP is not working 
when NAT is enabled, it sounds like that modem does not have a TFTP ALG 
included or enabled. I have no experience with that model personally, 
but it's not a unique problem. Workarounds are to not use NAT, purchase 
a better NAT router, define a DMZ host, or use a NAT friendly protocol 
like SCP.

Sorry about SIP. That's also not a NAT friendly protocol, and while some 
of the same workarounds still apply there are generally not numerous or 
better alternatives like there are for file transfer protocols that 
replace FTP/TFTP.

--Blake

Mike Hammett wrote on 3/25/2019 12:18 PM:
> Have any of you seen the Comcast XB6 modem blocking TFTP and some SIP 
> requests?
>
> We put the modem into bridge mode and TFTP requests are successful. 
> Reset it, set security to the lowest setting, disable the firewall... 
>  no TFTP requests pass.
>
> Modem\Router - cable - laptop.
>
> Of course we can't call into support because the customer is out of 
> town and thus we're unable to authenticate ourselves to support (not 
> that we tried).
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190325/16e15508/attachment.html>


More information about the NANOG mailing list