[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comcast XB6 Blocking TFTP

Subject: Comcast XB6 Blocking TFTP
From: blake at ispn.net (Blake Hudson)
Date: Mon, 25 Mar 2019 16:29:35 -0500
In-reply-to: <2079383401.5744.1553534308903.JavaMail.mhammett@ThunderFuck>
References: <2079383401.5744.1553534308903.JavaMail.mhammett@ThunderFuck>

You may already be aware, but TFTP - like FTP - is not a NAT friendly 
protocol and requires a helper or ALG to inspect the control channel in 
order to open up and translate the connections used by the data channel 
(which use unrelated high numbered UDP ports). If TFTP is not working 
when NAT is enabled, it sounds like that modem does not have a TFTP ALG 
included or enabled. I have no experience with that model personally, 
but it's not a unique problem. Workarounds are to not use NAT, purchase 
a better NAT router, define a DMZ host, or use a NAT friendly protocol 
like SCP.

Sorry about SIP. That's also not a NAT friendly protocol, and while some 
of the same workarounds still apply there are generally not numerous or 
better alternatives like there are for file transfer protocols that 
replace FTP/TFTP.

--Blake

Mike Hammett wrote on 3/25/2019 12:18 PM:
> Have any of you seen the Comcast XB6 modem blocking TFTP and some SIP 
> requests?
>
> We put the modem into bridge mode and TFTP requests are successful. 
> Reset it, set security to the lowest setting, disable the firewall... 
> Â no TFTP requests pass.
>
> Modem\Router - cable - laptop.
>
> Of course we can't call into support because the customer is out of 
> town and thus we're unable to authenticate ourselves to support (not 
> that we tried).
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190325/16e15508/attachment.html>

References:
- Comcast XB6 Blocking TFTP
  - From: nanog at ics-il.net (Mike Hammett)

Prev by Date: FW: softlayer.com
Next by Date: AS112 contact
Previous by thread: Comcast XB6 Blocking TFTP
Next by thread: Bay Area: Help test Earthquake Early Warning System
Index(es):
- Date
- Thread