NAME

SYNOPSIS

DESCRIPTION

The proxy establishes a pf(4) rdr rule using the anchor facility to rewrite packets between the client and the server. Once the rule is established, tftp-proxy forwards the initial request from the client to the server to begin the transfer. After transwait seconds, the pf(4) NAT state is assumed to have been established and the rdr rule is deleted and the program exits. Once the transfer between the client and the server is completed, the NAT state will naturally expire.

Assuming the TFTP command request is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is negotiated, tftp-proxy adds the following rule to the anchor:

rdr proto udp from $server to $proxy port $port -> $client

The options are as follows:

-v

Log the connection and request information to syslogd(8).

-w transwait

Number of seconds to wait for the data transmission to begin before removing the pf(4) rdr rule. The default is 2 seconds.

CONFIGURATION

In the NAT section:

nat on $ext_if from $int_if -> ($ext_if:0)

no nat on $ext_if to port tftp

rdr-anchor "tftp-proxy/*"
rdr on $int_if proto udp from $lan to any port tftp -> \
    127.0.0.1 port 6969

In the filter section, an anchor must be added to hold the pass rules:

anchor "tftp-proxy/*"

inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4). An example inetd.conf(5) entry follows:

127.0.0.1:6969	dgram	udp	wait	root \
	/usr/libexec/tftp-proxy	tftp-proxy

SEE ALSO

CAVEATS