Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tftp-proxy(8) [netbsd man page]

TFTP-PROXY(8)						    BSD System Manager's Manual 					     TFTP-PROXY(8)

NAME

     tftp-proxy -- Internet Trivial File Transfer Protocol proxy

SYNOPSIS

     tftp-proxy [-v] [-w transwait]

DESCRIPTION

     tftp-proxy is a proxy for the Internet Trivial File Transfer Protocol invoked by the inetd(8) internet server.  TFTP connections should be
     redirected to the proxy using the pf(4) rdr command, after which the proxy connects to the server on behalf of the client.

     The proxy establishes a pf(4) rdr rule using the anchor facility to rewrite packets between the client and the server.  Once the rule is
     established, tftp-proxy forwards the initial request from the client to the server to begin the transfer.	After transwait seconds, the pf(4)
     NAT state is assumed to have been established and the rdr rule is deleted and the program exits.  Once the transfer between the client and
     the server is completed, the NAT state will naturally expire.

     Assuming the TFTP command request is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is
     negotiated, tftp-proxy adds the following rule to the anchor:

	   rdr proto udp from $server to $proxy port $port -> $client

     The options are as follows:

     -v      Log the connection and request information to syslogd(8).

     -w transwait
	     Number of seconds to wait for the data transmission to begin before removing the pf(4) rdr rule.  The default is 2 seconds.

CONFIGURATION

     To make use of the proxy, pf.conf(5) needs the following rules.  The anchors are mandatory.  Adjust the rules as needed for your configura-
     tion.

     In the NAT section:

	   nat on $ext_if from $int_if -> ($ext_if:0)

	   no nat on $ext_if to port tftp

	   rdr-anchor "tftp-proxy/*"
	   rdr on $int_if proto udp from $lan to any port tftp -> 
	       127.0.0.1 port 6969

     In the filter section, an anchor must be added to hold the pass rules:

	   anchor "tftp-proxy/*"

     inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4).  An example inetd.conf(5) entry fol-
     lows:

	   127.0.0.1:6969  dgram   udp	   wait    root 
		   /usr/libexec/tftp-proxy tftp-proxy

SEE ALSO

     tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)

CAVEATS

     tftp-proxy chroots to /var/chroot/tftp-proxy and changes to user ``_proxy'' to drop privileges.

BSD
								   May 31, 2007 							       BSD

Check Out this Related Man Page

tftpd(8)						      System Manager's Manual							  tftpd(8)

NAME

       tftpd - The DARPA Trivial File Transfer Protocol (TFTP) server

SYNOPSIS

       /usr/sbin/tftpd [-b] [-d] [-r pathname] [-t interval] [directory ...]

FLAGS

       Instructs  tftpd to not respond to broadcast requests.  Specifies that the name of the file and other debug information is sent to syslogd.
       Specifies the relative pathname a user can specify to transfer a file that has no path associated  with	it.   For  example,  -r  /tmp/tftp
       causes  /tmp/tftp to be prefixed to a file that has no path and the file is copied to and from the directory /tmp/tftp.	Only one directory
       path can be specified with this option.	Specifies the amount of time, in seconds, that tftpd waits  before  it	recognizing  a	connection
       timeout.  The default interval is 25 seconds.

DESCRIPTION

       The  tftpd daemon is a server that supports the DARPA (Defense Advanced Research Projects Agency) Trivial File Transfer Protocol.  The TFTP
       server operates at the port indicated in the tftp service description; see services(4).	The server is normally started by inetd(8).

       The use of tftp does not require an account or password on the remote system.  Due to the lack of authentication  information,  tftpd  will
       allow  only  publicly readable files to be accessed.  Files can be written only if they already exist and are publicly writable.  Note that
       this extends the concept of ``public'' to include all users on all hosts that can be reached through the network; this may not be appropri-
       ate  on	all  systems,  and its implication should be considered before enabling tftp service.  The server should have the user ID with the
       lowest possible privilege.

       Access to files may be restricted by invoking tftpd with a list of directories and including  pathnames	as  server  program  arguments	in
       /etc/inetd.conf.  In this case, access is restricted to files whose names are prefixed by the one of the given directories.

       The tftpd daemon validates the files that it has to transfer against the /etc/tftptab file. If you are transferring files that are not pub-
       licly readable or not in the directories listed on the command line, you must make certain that those files are listed in the  /etc/tftptab
       file.

RESTRICTION

       The maximum number of directories allowed in the directory list are 62.	The maximum number of files allowed in /etc/tftptab file is 256.

FILES

       Specifies the command path

RELATED INFORMATION

       Commands: tftp(1)

       Daemons: inetd(8) delim off

																	  tftpd(8)
Man Page