| TFTP-PROXY(8) | System Manager's Manual | TFTP-PROXY(8) |
tftp-proxy —
Internet Trivial File Transfer Protocol proxy
tftp-proxy |
[-46dv] [-a
address] [-l
address] [-p
port] [-w
transwait] |
tftp-proxy is a proxy for the Internet
Trivial File Transfer Protocol. TFTP connections should be redirected to the
proxy using a pf(4) rule using the
divert-to option, after which the proxy connects to
the server on behalf of the client. The connection from the proxy to the
server needs to be passed by a rule with divert-reply set.
The proxy inserts pf(4)
pass and/or rdr rules using the anchor facility to
allow payload packets between the client and the server. Once the rules are
inserted, tftp-proxy forwards the initial request
from the client to the server to begin the transfer. After
transwait seconds, the states are assumed to have been
established and the pf(4) rules are
deleted and the program exits. Once the transfer between the client and the
server is completed, the states will naturally expire.
The options are as follows:
-4tftp-proxy to use IPv4 addresses only.-6tftp-proxy to use IPv6 addresses only.-a
address-a
options to specify both an IPv4 and an IPv6 address.-dtftp-proxy will run in the foreground and log the
client IP, type of request, and filename to stderr.-l
addresstftp-proxy listens on localhost addresses.-p
porttftp-proxy listens on port 6969.-v-w
transwaitTo make use of the proxy, pf.conf(5) needs the following rules. The anchor is mandatory. Adjust the rule as needed for your configuration.
anchor "tftp-proxy/*"
pass in quick on $int_if inet proto udp from $lan to port tftp \
divert-to 127.0.0.1 port 6969
pass out quick on $ext_if inet proto udp from $lan to port tftp \
group _tftp_proxy divert-reply
tftp(1), pf(4), pf.conf(5), ftp-proxy(8), syslogd(8), tftpd(8)
The current stand-alone implementation first appeared in OpenBSD 5.3.
David Gwynne <dlg@openbsd.org>
| March 31, 2022 | openbsd |