hey guys,
I have a really silly question for you! I just built a cobbler server that I am using to bare metal some boxes. But I am a bit n00b and need to figure out which ports to open in iptables.
Here's a start:
xinetd 2031 root 8u IPv4 94306 UDP *:tftp
in.tftpd 9203 root cwd DIR 253,0 4096 588097 /tftpboot
in.tftpd 9203 root rtd DIR 253,0 4096 2 /
in.tftpd 9203 root txt REG 253,0 39544 1813945 /usr/sbin/in.tftpd
in.tftpd 9203 root mem REG 253,0 139504 1698969 /lib64/ld-2.5.so
in.tftpd 9203 root mem REG 253,0 1722304 1698999 /lib64/libc-2.5.so
in.tftpd 9203 root mem REG 253,0 37368 1699127 /lib64/libwrap.so.0.7.6
in.tftpd 9203 root mem REG 253,0 114352 1699014 /lib64/libnsl-2.5.so
in.tftpd 9203 root mem REG 253,0 53880 1698970 /lib64/libnss_files-2.5.so
in.tftpd 9203 root 0u IPv4 94306 UDP *:tftp
I think what I want is the 6th column but I am uncertain of how to express that in terms of iptables. Thanks!
tim
On 06/14/2011 06:51 PM, Tim Dunphy wrote:
hey guys,
I have a really silly question for you! I just built a cobbler server that I am using to bare metal some boxes. But I am a bit n00b and need to figure out which ports to open in iptables.
Here's a start:
xinetd 2031 root 8u IPv4 94306 UDP *:tftp
in.tftpd 9203 root cwd DIR 253,0 4096 588097 /tftpboot
in.tftpd 9203 root rtd DIR 253,0 4096 2 /
in.tftpd 9203 root txt REG 253,0 39544 1813945 /usr/sbin/in.tftpd
in.tftpd 9203 root mem REG 253,0 139504 1698969 /lib64/ld-2.5.so
in.tftpd 9203 root mem REG 253,0 1722304 1698999 /lib64/libc-2.5.so
in.tftpd 9203 root mem REG 253,0 37368 1699127 /lib64/libwrap.so.0.7.6
in.tftpd 9203 root mem REG 253,0 114352 1699014 /lib64/libnsl-2.5.so
in.tftpd 9203 root mem REG 253,0 53880 1698970 /lib64/libnss_files-2.5.so
in.tftpd 9203 root 0u IPv4 94306 UDP *:tftp
I think what I want is the 6th column but I am uncertain of how to express that in terms of iptables. Thanks!
tim --
I think the *standard* port for TFTP is 69. You may have configured your server to use a different port...
Assuming the default INPUT policy on your iptables configuration is "deny", typing the following at the command prompt, as root, will insert a rule allowing (and accepting) tftp on port 69:
iptables -I INPUT -p udp --dport 69 -j ACCEPT
...this will enable tftp on port 69 from all network interfaces.
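
Added example, not written by either poster in this thread: a shell function that reads lsof rows like the ones quoted above, keeps only the IPv4 socket rows, resolves the service name (tftp) to its port number and prints one iptables rule per protocol/port in the same form as the command in the reply. The function name lsof_to_rules, the embedded services excerpt and the optional interface argument are assumptions made for the illustration; the sample input is constructed from rows in the thread.

```sh
#!/bin/sh
# Added example: derive iptables rules from lsof socket rows.

# Constructed sample: rows taken from the lsof output quoted in the thread.
LSOF_SAMPLE='xinetd 2031 root 8u IPv4 94306 UDP *:tftp
in.tftpd 9203 root cwd DIR 253,0 4096 588097 /tftpboot
in.tftpd 9203 root 0u IPv4 94306 UDP *:tftp'

# Constructed excerpt in /etc/services format; on a real host, load that file.
SERVICES_SAMPLE='tftp 69/tcp
tftp 69/udp'

# Usage: lsof_to_rules [iface] < lsof-output
# Prints one rule per unique protocol/port; iface (hypothetical name such as
# eth1) limits the rule to one interface instead of all of them.
lsof_to_rules() {
    SERVICES="$SERVICES_SAMPLE" awk -v iface="${1:-}" '
    BEGIN {
        # Build a lookup table: "name/proto" -> port number.
        n = split(ENVIRON["SERVICES"], rows, "\n")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, /[ \t\/]+/)
            port[f[1] "/" f[3]] = f[2]
        }
    }
    $5 == "IPv4" {
        # The protocol sits in the NODE column; NAME follows it.
        for (i = 6; i <= NF; i++) if ($i == "UDP" || $i == "TCP") break
        if (i >= NF) next                 # no protocol/NAME pair on this row
        proto = tolower($i); svc = $(i + 1)
        if (svc ~ /->/) next              # connected socket, not a listener
        sub(/^.*:/, "", svc)              # "*:tftp" -> "tftp"
        p = (svc ~ /^[0-9]+$/) ? svc : port[svc "/" proto]
        if (p == "") { print "# unresolved: " svc "/" proto; next }
        if (seen[proto "/" p]++) next     # one rule per protocol/port
        rule = "iptables -I INPUT"
        if (iface != "") rule = rule " -i " iface
        print rule " -p " proto " --dport " p " -j ACCEPT"
    }'
}
```

Review the printed rules before running them as root; passing an interface name keeps the TFTP port closed on every interface except the one the provisioning network uses.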