Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TFTP-PROXY(8)		FreeBSD	System Manager's Manual		 TFTP-PROXY(8)

     tftp-proxy	-- Internet Trivial File Transfer Protocol proxy

     tftp-proxy	[-v] [-w transwait]

     tftp-proxy	is a proxy for the Internet Trivial File Transfer Protocol
     invoked by	the inetd(8) internet server.  TFTP connections	should be
     redirected	to the proxy using the pf(4) rdr command, after	which the
     proxy connects to the server on behalf of the client.

     The proxy establishes a pf(4) rdr rule using the anchor facility to re-
     write packets between the client and the server.  Once the	rule is	estab-
     lished, tftp-proxy	forwards the initial request from the client to	the
     server to begin the transfer.  After transwait seconds, the pf(4) NAT
     state is assumed to have been established and the rdr rule	is deleted and
     the program exits.	 Once the transfer between the client and the server
     is	completed, the NAT state will naturally	expire.

     Assuming the TFTP command request is from $client to $server, the proxy
     connected to the server using the $proxy source address, and $port	is
     negotiated, tftp-proxy adds the following rule to the anchor:

	   rdr proto udp from $server to $proxy	port $port -> $client

     The options are as	follows:

     -v	     Log the connection	and request information	to syslogd(8).

     -w	transwait
	     Number of seconds to wait for the data transmission to begin
	     before removing the pf(4) rdr rule.  The default is 2 seconds.

     To	make use of the	proxy, pf.conf(5) needs	the following rules.  The
     anchors are mandatory.  Adjust the	rules as needed	for your configura-

     In	the NAT	section:

	   nat on $ext_if from $int_if -> ($ext_if:0)

	   no nat on $ext_if to	port tftp

	   rdr-anchor "tftp-proxy/*"
	   rdr on $int_if proto	udp from $lan to any port tftp -> \ port 6969

     In	the filter section, an anchor must be added to hold the	pass rules:

	   anchor "tftp-proxy/*"

     inetd(8) must be configured to spawn the proxy on the port	that packets
     are being forwarded to by pf(4).  An example inetd.conf(5)	entry follows:  dgram   udp	   wait	   root	\
		   /usr/libexec/tftp-proxy tftp-proxy

     tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)

     tftp-proxy	chroots	to /var/empty and changes to user ``proxy'' to drop

FreeBSD	11.1		       November	28, 2005		  FreeBSD 11.1


Want to link to this manual page? Use this URL:

home | help