Obviously this isn’t recommended, but if you ever need to reach a TFTP server on the inside of your network from the Internet, through a Cisco IOS-based router with Zone Based Firewall enabled, these are the two entries involved:
Access List Entry
Extended IP access list public-private-inspect-cmap-acl
10 permit udp any host x.x.x.x eq tftp
NAT Entry
ip nat inside source static udp x.x.x.x 69 interface Dialer0 69
This assumes “Dialer0” is your external interface; replace x.x.x.x with the IP address of your TFTP server.
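The access list entry above matches any source address. As an added example (not part of the original post), the same entry can be narrowed to a single known remote client, checked, and removed again once the transfer is done; y.y.y.y is a placeholder for that client's public address and is an assumption, as is the reuse of sequence number 10.

```cisco
! Added example: placeholders x.x.x.x (TFTP server) and y.y.y.y (remote client)
! Replace the "any" source in entry 10 with one known host
ip access-list extended public-private-inspect-cmap-acl
 no 10
 10 permit udp host y.y.y.y host x.x.x.x eq tftp
!
! From exec mode: confirm the entry and watch its hit counter
show ip access-lists public-private-inspect-cmap-acl
! Confirm the static UDP/69 translation on the outside interface
show ip nat translations
!
! When the transfer is finished, remove both entries again
no ip nat inside source static udp x.x.x.x 69 interface Dialer0 69
ip access-list extended public-private-inspect-cmap-acl
 no 10
```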