NAT + TFTP = No Go

  • Hi All,

    I've got a TFTP server behind a pfSense behind a single WAN connection at my work, and at my home office I used to have a Linksys WRT54G running Tomato firmware. I was using the Linksys to throw out a DHCP option 150 which was the WAN IP of my work. The VoIP phone would pick up option 150, download the config/firmware from the TFTP server that was behind NAT and everything was fine and dandy.

    However now I've replaced my Linksys WRT54G with a pfSense. So now at both ends I've got a pfSense, version is 2.1.4, and now TFTP won't work! I can't grab the TFTP config files from my work server.

    I tried to use wireshark to figure out what's happening at my end – it appears that when I try to grab the file over TFTP from my home office, the remote server does not respond at all. However when I watch the logs on the TFTP server at work, I see that my home system is attempting to retrieve the file as requested.

    I think the issue is w/ NAT. I've attempted turning on Static NAT (as this helped my SIP registration issues) but it hasn't helped in this instance.

    Do I need to do anything special to get this to work?

  • Doh, after a bit of googling it appears I've answered my own question. I had to enable the TFTP helper to get it to work.

    This setting is located at System > Advanced > Firewall/NAT and selected the "TFTP Proxy" for the LAN interface (from the perspective of where my VoIP phones are at my home office).

Log in to reply