I'm publishing tftp through my firewall to support external Cisco 7960 sip phones. I know that the primary port is 69 for tftp. However, tftp also uses secondary ports ranging from 1,0XX to 30,XXX. (A broad range.) In an effort to limit the secondary ports that are opened, some Windows-based tftp servers, such as the winagents product, allow you to limit the range of secondary ports that are used, allowing you to somewhat tighten firewall publishing rules.

Does anyone know how to do this using the linux tftp server?

Thanks,
Chad
On Tue, Aug 02, 2005 at 10:46:17PM -0700, Chad Brown wrote:
> I'm publishing tftp through my firewall to support external Cisco 7960
> sip phones. I know that the primary port is 69 for tftp. However, tftp
> also uses secondary ports ranging from 1,0XX to 30,XXX. ( A broad range)
> In an effort to limit the secondary ports that are opened, some Windows
> based tftp server such as the winagents product allows you to limit the
> range of secondary ports that are used allowing you to somewhat tighten
> firewall publishing rules.

The "secondary ports" are not determined by the server. Rather, they are set by the client, IIRC. File transfers simply re-use the existing socket that was used to connect in the first place.

-- 
Tzafrir Cohen         | tzafrir@jbr.cohens.org.il | VIM is
http://tzafrir.org.il |                           | a Mutt's
tzafrir@cohens.org.il |                           |  best
ICQ# 16849755         |                           | friend
Hey Chad,

Just a heads up: tftp is one of the worst protocols to use when you're behind a NAT or firewall. It drove me pretty crazy a while ago.

Carlos Alcantar
Race Technologies, Inc.
101 Haskins Way
South San Francisco, CA 94080
P: 650.246.8900
F: 650.246.8901
E: carlos at race.com
Hi,

We are trying to set up an asterisk configuration using some Cisco 7960 telephones. We need to deploy those in our company and we also need to see on the screen who is on line or not. After doing some research on the web, we think that we have to use MGCP or SCCP.

Does anybody have the last firmware of Cisco 7960 to work either in SCCP or MGCP?

Rgds,
Nicolas
I understand. However, I'm successfully managing this without any problems using a Windows tftp server by www.winagents.com <http://www.winagents.com/>. This software allows you to limit secondary transfer connections to a range of IPs. Therefore you only need to open up port 69 and the range you specify. Everything just works!

I would like to move the solution to Linux for a couple reasons. However, it looks like the default tftp server does not support this feature and that is why you were going crazy. The number of ports you must open is ridiculous for tftp.

However, I just found a seemingly robust linux version with firewall support offered by weirdsolutions. It looks promising. http://www.weirdsolutions.com/

Chad
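Added example, not part of any message in this thread: under RFC 1350 a TFTP server answers a read request from a newly chosen source port (its transfer ID), so a server that draws that port from a fixed range lets a firewall rule cover only the listening port plus that range. The Python sketch below runs one transfer on loopback; the file name, the 50000-50010 range, the function names and the unprivileged stand-in for port 69 are all assumptions.

```python
import socket, struct, threading
RRQ, DATA, ACK = 1, 3, 4  # TFTP opcodes (RFC 1350)
FILES = {b"phone.cnf": b"# constructed sample config\n"}  # constructed name and content

def bind_in_range(host, lo, hi):
    """Return a UDP socket bound to the first free port in [lo, hi]."""
    for port in range(lo, hi + 1):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            s.bind((host, port))
            return s
        except OSError:
            s.close()
    raise OSError("no free port in the configured range")

def serve_one(listener, lo, hi):
    """Answer one RRQ; the DATA packet leaves from a new socket (the server TID)."""
    req, client = listener.recvfrom(516)
    opcode = struct.unpack("!H", req[:2])[0]
    filename = req[2:].split(b"\0")[0]
    if opcode != RRQ or filename not in FILES:
        return
    with bind_in_range(listener.getsockname()[0], lo, hi) as xfer:
        xfer.settimeout(2)
        # Under 512 bytes of payload, block 1 is also the final block.
        xfer.sendto(struct.pack("!HH", DATA, 1) + FILES[filename][:511], client)
        xfer.recvfrom(4)  # ACK for block 1 arrives on the transfer port

def fetch(server, filename):
    """Client: RRQ to the listening port; return (server source port, data)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(2)
        c.sendto(struct.pack("!H", RRQ) + filename + b"\0octet\0", server)
        pkt, peer = c.recvfrom(516)
        block = struct.unpack("!HH", pkt[:4])[1]
        c.sendto(struct.pack("!HH", ACK, block), peer)  # ACK goes to the TID
        return peer[1], pkt[4:]

def demo(lo=50000, hi=50010):
    """Run one transfer on loopback; return (listen port, server TID, data)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))  # unprivileged stand-in for port 69
    addr = listener.getsockname()
    t = threading.Thread(target=serve_one, args=(listener, lo, hi))
    t.start()
    tid, data = fetch(addr, b"phone.cnf")
    t.join()
    listener.close()
    return addr[1], tid, data
```

On Linux, the tftp-hpa server (in.tftpd) exposes the same control through its `-R port:port` (`--port-range`) option.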
Chad Brown wrote:
> I'm publishing tftp through my firewall to support external Cisco
> 7960 sip phones.

I hope the files requested by the Cisco phones don't contain username / password information. Passing that in cleartext is just so wrong ;-)

-- 
Andreas Sikkema
bbned NV
Van Vollenhovenstraat 3
3016 BE Rotterdam
t: +31 (0)10 2245544
f: +31 (0)10 413 65 45