- NetBSD Manual Pages
TFTP-PROXY(8) NetBSD System Manager's Manual TFTP-PROXY(8)
Powered by man-cgi (2021-03-02).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
tftp-proxy -- Internet Trivial File Transfer Protocol proxy
tftp-proxy [-v] [-w transwait]
tftp-proxy is a proxy for the Internet Trivial File Transfer Protocol
invoked by the inetd(8) internet server. TFTP connections should be
redirected to the proxy using the pf(4) rdr command, after which the
proxy connects to the server on behalf of the client.
The proxy establishes a pf(4) rdr rule using the anchor facility to re-
write packets between the client and the server. Once the rule is estab-
lished, tftp-proxy forwards the initial request from the client to the
server to begin the transfer. After transwait seconds, the pf(4) NAT
state is assumed to have been established and the rdr rule is deleted and
the program exits. Once the transfer between the client and the server
is completed, the NAT state will naturally expire.
Assuming the TFTP command request is from $client to $server, the proxy
connected to the server using the $proxy source address, and $port is
negotiated, tftp-proxy adds the following rule to the anchor:
rdr proto udp from $server to $proxy port $port -> $client
The options are as follows:
-v Log the connection and request information to syslogd(8).
Number of seconds to wait for the data transmission to begin
before removing the pf(4) rdr rule. The default is 2 seconds.
To make use of the proxy, pf.conf(5) needs the following rules. The
anchors are mandatory. Adjust the rules as needed for your configura-
In the NAT section:
nat on $ext_if from $int_if -> ($ext_if:0)
no nat on $ext_if to port tftp
rdr on $int_if proto udp from $lan to any port tftp -> \
127.0.0.1 port 6969
In the filter section, an anchor must be added to hold the pass rules:
inetd(8) must be configured to spawn the proxy on the port that packets
are being forwarded to by pf(4). An example inetd.conf(5) entry follows:
127.0.0.1:6969 dgram udp wait root \
tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)
tftp-proxy chroots to /var/chroot/tftp-proxy and changes to user
``_proxy'' to drop privileges.
NetBSD 9.99 May 31, 2007 NetBSD 9.99