TFTP-PROXY(8) OpenBSD System Manager's Manual TFTP-PROXY(8)NAMEtftp-proxy - Internet Trivial File Transfer Protocol proxy
SYNOPSIStftp-proxy [-v] [-w transwait]
DESCRIPTIONtftp-proxy is a proxy for the Internet Trivial File Transfer Protocol
invoked by the inetd(8) internet server. TFTP connections should be
redirected to the proxy using a pf(4) rule using the rdr-to option, after
which the proxy connects to the server on behalf of the client.
The proxy establishes a pf(4) rdr-to pass rule using the anchor facility
to rewrite packets between the client and the server. Once the rule is
established, tftp-proxy forwards the initial request from the client to
the server to begin the transfer. After transwait seconds, the NAT state
is assumed to have been established and the pf(4) rule is deleted and the
program exits. Once the transfer between the client and the server is
completed, the NAT state will naturally expire.
Assuming the TFTP command request is from $client to $server, the proxy
connected to the server using the $proxy source address, and $port is
negotiated, tftp-proxy adds the following rule to the anchor:
rdr proto udp from $server to $proxy port $port -> $client
The options are as follows:
-v Log the connection and request information to syslogd(8).
-w transwait
Number of seconds to wait for the data transmission to begin
before removing the pf(4) rule. The default is 2 seconds.
CONFIGURATION
To make use of the proxy, pf.conf(5) needs the following rules. The
anchor is mandatory. Adjust the rule as needed for your configuration.
anchor "tftp-proxy/*"
pass in quick on $int_if proto udp from $lan to any port tftp \
rdr-to 127.0.0.1 port 6969
inetd(8) must be configured to spawn the proxy on the port that packets
are being forwarded to by pf(4). An example inetd.conf(5) entry follows:
127.0.0.1:6969 dgram udp wait root \
/usr/libexec/tftp-proxy tftp-proxySEE ALSOtftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)CAVEATStftp-proxy chroots to /var/empty and changes to user ``proxy'' to drop
privileges.
OpenBSD 4.9 September 1, 2009 OpenBSD 4.9