TFTP-PROXY(8) | System Manager's Manual | TFTP-PROXY(8) |
tftp-proxy —
tftp-proxy [-v] [-w transwait]
tftp-proxy is a proxy for the Internet Trivial File Transfer Protocol invoked by the inetd(8) internet server. TFTP connections should be redirected to the proxy using the pf(4) rdr command, after which the proxy connects to the server on behalf of the client.
The proxy establishes a pf(4) rdr rule using the anchor facility to rewrite packets between the client and the server. Once the rule is established, tftp-proxy forwards the initial request from the client to the server to begin the transfer. After transwait seconds, the pf(4) NAT state is assumed to have been established, the rdr rule is deleted, and the program exits. Once the transfer between the client and the server is completed, the NAT state will naturally expire.
Assuming the TFTP command request is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is negotiated, tftp-proxy adds the following rule to the anchor:
rdr proto udp from $server to $proxy port $port -> $client
The options are as follows:
-v
-w transwait
In the NAT section:
nat on $ext_if from $int_if -> ($ext_if:0)
no nat on $ext_if to port tftp
rdr-anchor "tftp-proxy/*"
rdr on $int_if proto udp from $lan to any port tftp -> \
    127.0.0.1 port 6969
In the filter section, an anchor must be added to hold the pass rules:
anchor "tftp-proxy/*"
inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4). An example inetd.conf(5) entry follows:
127.0.0.1:6969 dgram udp wait root \
    /usr/libexec/tftp-proxy tftp-proxy
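The following check is an added example, not part of the NetBSD manual: a shell lint that confirms pf.conf carries both tftp-proxy anchors and that the rdr target matches the address and port on which inetd(8) spawns the proxy. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): lint the tftp-proxy wiring in
# pf.conf and inetd.conf. Function names here are hypothetical.
join_lines() {  # join backslash-continued lines into one logical line
    awk '{ if (sub(/\\$/, "")) printf "%s", $0; else print }' "$1"
}
# check_tftp_proxy PF_CONF INETD_CONF
# Prints one line per problem and returns the number of problems found.
check_tftp_proxy() {
    pf=$1; inetd=$2; problems=0
    # Both anchors are matched at line start, so the rdr-anchor line
    # cannot stand in for the filter-section anchor.
    for kw in rdr-anchor anchor; do
        if ! join_lines "$pf" |
            grep -Eq "^[[:space:]]*${kw}[[:space:]]+\"tftp-proxy/\\*\""; then
            echo "pf.conf: missing ${kw} \"tftp-proxy/*\""
            problems=$((problems + 1))
        fi
    done
    # addr:port that pf redirects TFTP requests to.
    target=$(join_lines "$pf" | awk '$1 == "rdr" && /port tftp[ \t]+->/ {
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "->" && $(i + 2) == "port") { print $(i + 1) ":" $(i + 3); exit }
    }')
    # addr:port on which inetd spawns tftp-proxy (UDP datagram service).
    listen=$(join_lines "$inetd" | awk '$1 !~ /^#/ && $2 == "dgram" &&
        $3 == "udp" && $6 ~ /tftp-proxy$/ { print $1; exit }')
    if [ -z "$target" ] || [ "$target" != "$listen" ]; then
        echo "rdr target '${target:-none}' != inetd listener '${listen:-none}'"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files mirroring the configuration shown in this manual.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pf.conf" <<'EOF'
nat on $ext_if from $int_if -> ($ext_if:0)
no nat on $ext_if to port tftp
rdr-anchor "tftp-proxy/*"
rdr on $int_if proto udp from $lan to any port tftp -> \
    127.0.0.1 port 6969
anchor "tftp-proxy/*"
EOF
cat > "$demo_dir/inetd.conf" <<'EOF'
127.0.0.1:6969 dgram udp wait root \
    /usr/libexec/tftp-proxy tftp-proxy
EOF
check_tftp_proxy "$demo_dir/pf.conf" "$demo_dir/inetd.conf" && echo "tftp-proxy wiring OK"
```

Pointed at the real files, a non-zero exit status is the number of problems found; each problem is also printed on its own line.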
tftp-proxy chroots to /var/chroot/tftp-proxy and changes to user “_proxy” to drop privileges.
May 31, 2007 | NetBSD 9.4 |