Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11362 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

TFTP-PROXY(8)		OpenBSD System Manager's Manual		 TFTP-PROXY(8)

NAME
     tftp-proxy - Internet Trivial File Transfer Protocol proxy

SYNOPSIS
     tftp-proxy [-v] [-w transwait]

DESCRIPTION
     tftp-proxy is a proxy for the Internet Trivial File Transfer Protocol
     invoked by the inetd(8) internet server.  TFTP connections should be
     redirected to the proxy using a pf(4) rule using the rdr-to option, after
     which the proxy connects to the server on behalf of the client.

     The proxy establishes a pf(4) rdr-to pass rule using the anchor facility
     to rewrite packets between the client and the server.  Once the rule is
     established, tftp-proxy forwards the initial request from the client to
     the server to begin the transfer.	After transwait seconds, the NAT state
     is assumed to have been established and the pf(4) rule is deleted and the
     program exits.  Once the transfer between the client and the server is
     completed, the NAT state will naturally expire.

     Assuming the TFTP command request is from $client to $server, the proxy
     connected to the server using the $proxy source address, and $port is
     negotiated, tftp-proxy adds the following rule to the anchor:

	   rdr proto udp from $server to $proxy port $port -> $client

     The options are as follows:

     -v	     Log the connection and request information to syslogd(8).

     -w transwait
	     Number of seconds to wait for the data transmission to begin
	     before removing the pf(4) rule.  The default is 2 seconds.

CONFIGURATION
     To make use of the proxy, pf.conf(5) needs the following rules.  The
     anchor is mandatory.  Adjust the rule as needed for your configuration.

	   anchor "tftp-proxy/*"
	   pass in quick on $int_if proto udp from $lan to any port tftp \
	       rdr-to 127.0.0.1 port 6969

     inetd(8) must be configured to spawn the proxy on the port that packets
     are being forwarded to by pf(4).  An example inetd.conf(5) entry follows:

	   127.0.0.1:6969  dgram   udp	   wait	   root \
		   /usr/libexec/tftp-proxy tftp-proxy

SEE ALSO
     tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)

CAVEATS
     tftp-proxy chroots to /var/empty and changes to user ``proxy'' to drop
     privileges.

OpenBSD 4.9		       September 1, 2009		   OpenBSD 4.9

Vote for polarhome