NAME
tftp-proxy —
Internet Trivial File Transfer Protocol
proxy
SYNOPSIS
tftp-proxy |
[-v] [-w
transwait] |
DESCRIPTION
tftp-proxy is a proxy for the Internet
Trivial File Transfer Protocol invoked by the
inetd(8) internet server. TFTP connections should be redirected to
the proxy using a pf(4) rule using the divert-to option,
after which the proxy connects to the server on behalf of the client. The
connection from the proxy to the server needs to be passed by a rule with
divert-reply set.
The proxy inserts
pf(4)
pass rules using the anchor facility to allow payload
packets between the client and the server. Once the rules are inserted,
tftp-proxy forwards the initial request from the
client to the server to begin the transfer. After
transwait seconds, the states are assumed to have been
established and the pf(4) rules are deleted and the program exits. Once the
transfer between the client and the server is completed the states will
naturally expire.
The options are as follows:
-v- Log the connection and request information to syslogd(8).
-wtranswait- Number of seconds to wait for the data transmission to begin before removing the pf(4) rule. The default is 2 seconds.
CONFIGURATION
To make use of the proxy, pf.conf(5) needs the following rules. The anchor is mandatory. Adjust the rule as needed for your configuration.
anchor "tftp-proxy/*"
pass in quick on $int_if inet proto udp from $lan to port tftp \
divert-to 127.0.0.1 port 6969
pass out quick on $ext_if inet proto udp from $lan to port tftp \
group proxy divert-reply
inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4). An example inetd.conf(5) entry follows:
127.0.0.1:6969 dgram udp wait root:proxy \ /usr/libexec/tftp-proxy tftp-proxy
SEE ALSO
tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)
CAVEATS
tftp-proxy chroots to
/var/empty and changes to user “proxy”
to drop privileges.