Firewall breaking tftp

I’ve been fighting with a tftp server for the last few days, and got it to work when I disabled the firewall. After digging through the rules I noticed the established rule for udp only allows a few ports, and tftp isn’t one of them. I don’t see anywhere in the GUI this can be modified or corrected. How do I get tftp added to, or the port restriction removed from, the udp related established rule?

Chain fpbxfirewall (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spts:tcpmux:1024 state RELATED,ESTABLISHED

You enable it in Firewall Extra Services.

Yes, it is enabled in extra services; the fpbxfirewall chain is where it is being blocked, not the zone chains.

And is the IP address of the phone or whatever is trying to tftp from the PBX also listed in the trusted zone?

No, it’s an external IP, which is selected as shown above.

You must still add the external IP address to the trusted zone. Simply setting the firewall to say the service is external is not enough.