NAME
tftp-proxy
—
Internet Trivial File Transfer Protocol
proxy
SYNOPSIS
tftp-proxy |
[-46dv ] [-a
address] [-l
address] [-p
port] [-w
transwait] |
DESCRIPTION
tftp-proxy
is a proxy for the Internet
Trivial File Transfer Protocol. TFTP connections should be redirected to the
proxy using a pf(4) rule using the divert-to option, after
which the proxy connects to the server on behalf of the client. The
connection from the proxy to the server needs to be passed by a rule with
divert-reply set.
The proxy inserts
pf(4)
pass and/or rdr rules using the anchor facility to
allow payload packets between the client and the server. Once the rules are
inserted, tftp-proxy
forwards the initial request
from the client to the server to begin the transfer. After
transwait seconds, the states are assumed to have been
established and the pf(4) rules are deleted and the program exits. Once the
transfer between the client and the server is completed the states will
naturally expire.
The options are as follows:
-4
- Forces
tftp-proxy
to use IPv4 addresses only. -6
- Forces
tftp-proxy
to use IPv6 addresses only. -a
address- The proxy will use address as the source address for
the initial request from the client to the server for NAT traversal.
Instead of a “pass in” rule an “rdr” rule will
be generated. It is possible to have two
-a
options to specify both an IPv4 and an IPv6 address. -d
- Do not daemonize. If this option is specified,
tftp-proxy
will run in the foreground and log the client IP, type of request, and filename to stderr. -l
address- Listen on the specified address. By default
tftp-proxy
listens on localhost addresses. -p
port- Listen on the specified port. By default
tftp-proxy
listens on port 6969. -v
- Log the connection and request information to syslogd(8).
-w
transwait- Number of seconds to wait for the data transmission to begin before removing the pf(4) rule. The default is 2 seconds.
CONFIGURATION
To make use of the proxy, pf.conf(5) needs the following rules. The anchor is mandatory. Adjust the rule as needed for your configuration.
anchor "tftp-proxy/*" pass in quick on $int_if inet proto udp from $lan to port tftp \ divert-to 127.0.0.1 port 6969 pass out quick on $ext_if inet proto udp from $lan to port tftp \ group proxy divert-reply
SEE ALSO
tftp(1), pf(4), pf.conf(5), ftp-proxy(8), syslogd(8), tftpd(8)
CAVEATS
tftp-proxy
chroots to
/var/empty and changes to user “proxy”
to drop privileges.