RE: weird question about tftp and access-list

From: Brian Dennis (brian@5g.net)
Date: Sun Oct 13 2002 - 17:54:21 GMT-3


When a TFTP client sends the first packet (read or write request) to the
TFTP server the destination UDP port is 69. The TFTP server will then
select a UDP high port to reply back on. The TFTP server does not reply
back using the UDP source port of 69. You have to open up UDP ports
greater than 1024 for the TFTP server to reply back on.

As a side note you would see this if you added in a "deny ip any any
log" to your access-list.

Brian Dennis, CCIE #2210 (R&S/ISP Dial)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James
Sent: Sunday, October 13, 2002 11:10 AM
To: ccielab@groupstudy.com
Subject: weird question about tftp and access-list

hi, all
I am trying to permit tftp packets out of ether 0.
tftp srv---------(e0)r4(s0)--------(s0)r3(e0)-----client
I can copy files to the tftp server from the client without any access-list, but after applying the access-list as follows, I got some error message: !..... %Error writing tftp://192.168.0.188/r22 (Write error)...... That means the first packet is permitted, but the subsequent ones are blocked. I am wondering what is the real reason.
thanks in advance
access-list is as follows:
    permit ospf any any (234 matches)
    permit tcp 172.16.21.0 0.0.0.255 any eq telnet
    permit icmp any any echo log (20 matches)
    permit icmp any any echo-reply log (5 matches)
    permit udp any any eq tftp log (3 matches)
the log message is: 04:31:12: %SEC-6-IPACCESSLOGP: list allow_ftp_ping permitted udp 172.16.37.2(54949) -> 192.168.0.188(69), 1 packet
james
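As an added illustration of Brian's explanation (example code, not from either poster), the script below runs a minimal Cisco-style access-list matcher over the two client-to-server packets that cross r4's e0 outbound: the write request to port 69, and the first data block addressed to the high port the server chose. Only James's tftp entry is modelled; the server's high port (1035) and the extra "gt 1024" entry are assumptions, the latter following Brian's advice.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Ace:
    action: str  # "permit" or "deny"
    proto: str   # "ip", "udp", ...
    src: str     # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W" (wildcard mask)
    dst: str
    op: str = "any"   # destination-port operator: any / eq / gt / lt
    port: int = 0

def _addr_match(addr, spec):
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return addr == parts[1]
    net, wild = (int(ipaddress.ip_address(p)) for p in parts)
    mask = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.ip_address(addr)) & mask) == (net & mask)

def _port_match(port, op, value):
    return {"any": True, "eq": port == value, "gt": port > value, "lt": port < value}[op]

def evaluate(acl, pkt):
    """First matching entry wins; an IOS access-list ends with an implicit deny."""
    for ace in acl:
        if ace.proto in ("ip", pkt.proto) and _addr_match(pkt.src, ace.src) \
                and _addr_match(pkt.dst, ace.dst) and _port_match(pkt.dport, ace.op, ace.port):
            return ace.action
    return "deny"

TFTP_SERVER = "192.168.0.188"
ORIGINAL = [Ace("permit", "udp", "any", "any", "eq", 69)]  # James's tftp line; other entries omitted
FIXED = ORIGINAL + [Ace("permit", "udp", "any", f"host {TFTP_SERVER}", "gt", 1024)]  # assumed fix
# Outbound on r4 e0 only client->server packets are checked; 1035 stands in for the high port
# the server picked for this transfer (constructed value).
WRQ = Packet("udp", "172.16.37.2", 54949, TFTP_SERVER, 69)     # first packet, dst port 69
DATA = Packet("udp", "172.16.37.2", 54949, TFTP_SERVER, 1035)  # data blocks go to the server's high port

def trace(acl):
    return {"wrq": evaluate(acl, WRQ), "data": evaluate(acl, DATA)}
```

Running trace() on ORIGINAL permits the request and denies the data block, which matches James's symptom and the single "permitted" log line; the same check against FIXED permits both.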



This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:46 GMT-3