tftp-proxy

Vadym Chepkov vchepkov at gmail.com
Sat Jul 17 21:20:12 UTC 2010


Hi,

I have been unsuccessful in configuring tftp-proxy to work with my phones.
This is the configuration involved:

FreeBSD 7.3-RELEASE-p2

# cat /etc/pf.conf
wan_if="re0"
phone_if="em0"

set debug urgent
set optimization normal
set block-policy return
set timeout { udp.first 300, udp.single 150, udp.multiple 900 }
set limit { states 20000, frags 20000 }
set skip on lo0
scrub in

nat on $wan_if from $phone_if -> $wan_if
no nat on $wan_if to port tftp
nat on $wan_if proto udp from $phone_if:network to any -> $wan_if static-port
nat on $wan_if from $phone_if:network to any -> $wan_if

rdr-anchor "tftp-proxy/*"
rdr on $phone_if proto udp from $phone_if:network to any port tftp -> 127.0.0.1 port 6969

anchor "tftp-proxy/*"

# grep tftp-proxy /etc/inetd.conf 
tftp-proxy	dgram   udp     wait    root	/usr/libexec/tftp-proxy tftp-proxy -w 5

# grep tftp-proxy /etc/services 
tftp-proxy	6969/udp

# grep inetd /etc/rc.conf 
inetd_enable="YES"
inetd_flags="-a 127.0.0.1"

I observe in the syslog the following message:
Jul 17 16:37:11 spider tftp-proxy[4675]: pf connection lookup failed (no rdr?)
Jul 17 16:37:11 spider kernel: Jul 17 16:37:11 spider tftp-proxy[4675]: pf connection lookup failed (no rdr?)
Jul 17 16:37:11 spider inetd[4665]: /usr/libexec/tftp-proxy[4675]: exited, status 1

tcpdump shows tftp reply packets are getting rejected, which I assume means tftp-proxy is not expecting replies:

17:07:19.135743 IP spider.57874 > 204.16.177.35.tftp:  32 RRQ "SEPXXX.cnf.xml" octet 
17:07:19.167369 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:20.596097 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:21.596652 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:22.597755 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:24.142580 IP spider.58998 > 204.16.177.35.tftp:  32 RRQ "SEPXXX.cnf.xml" octet 
17:07:24.242006 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:24.242036 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:24.242465 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1
17:07:25.243154 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:25.243203 IP spider  > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:25.243213 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1
17:07:26.244089 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:26.244121 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:26.244281 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1
17:07:27.245051 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:27.245091 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:27.245409 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1
17:07:28.246205 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:28.246246 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:28.246292 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1

Not sure what I did wrong. The manual page of tftp-proxy has a wrong entry for inetd.conf (it has illegal syntax for FreeBSD's inetd);
maybe some other nuance was lost during the migration from OpenBSD?

Thank you,

Sincerely,
Vadym Chepkov
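
Added example, not part of the original post: a Python script that groups tcpdump lines like the ones above by client UDP port and flags transfers whose DATA replies are retransmitted without an ACK or answered with ICMP port unreachable. The function name `summarize` and the verdict strings are this example's own; the sample input is the first twelve lines of the capture in the post.

```python
import re
from collections import defaultdict

# First twelve lines of the tcpdump capture quoted in the post above.
CAPTURE = """\
17:07:19.135743 IP spider.57874 > 204.16.177.35.tftp:  32 RRQ "SEPXXX.cnf.xml" octet
17:07:19.167369 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:20.596097 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:21.596652 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:22.597755 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:24.142580 IP spider.58998 > 204.16.177.35.tftp:  32 RRQ "SEPXXX.cnf.xml" octet
17:07:24.242006 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:24.242036 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:24.242465 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1
17:07:25.243154 IP 204.16.177.35.tftp > spider.57874:  516 DATA block 1
17:07:25.243203 IP spider  > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:25.243213 IP 204.16.177.35.tftp > spider.58998:  516 DATA block 1
"""

RRQ = re.compile(r'IP (\S+)\.(\d+) > \S+\.tftp:\s+\d+ RRQ "([^"]+)"')
DATA = re.compile(r'IP \S+ > (\S+)\.(\d+):\s+\d+ DATA block (\d+)')
ACK = re.compile(r'IP (\S+)\.(\d+) > \S+:\s+\d+ ACK block (\d+)')
UNREACH = re.compile(r'ICMP (\S+) udp port (\d+) unreachable')

def summarize(capture):
    """Group TFTP events by the client-side UDP port and classify each flow."""
    flows = defaultdict(lambda: {"file": None, "blocks": [], "acks": 0, "unreachable": 0})
    for line in capture.splitlines():
        if m := RRQ.search(line):
            flows[int(m.group(2))]["file"] = m.group(3)
        elif m := DATA.search(line):
            flows[int(m.group(2))]["blocks"].append(int(m.group(3)))
        elif m := ACK.search(line):
            flows[int(m.group(2))]["acks"] += 1
        elif m := UNREACH.search(line):
            flows[int(m.group(2))]["unreachable"] += 1
    for f in flows.values():
        retransmits = len(f["blocks"]) - len(set(f["blocks"]))  # same block seen again
        if f["unreachable"]:
            f["verdict"] = "rejected: host answered DATA with ICMP port unreachable"
        elif retransmits and not f["acks"]:
            f["verdict"] = "unanswered: server retransmitting, no ACK sent"
        else:
            f["verdict"] = "ok or inconclusive"
    return dict(flows)

if __name__ == "__main__":
    for port, flow in sorted(summarize(CAPTURE).items()):
        print(port, flow["file"], len(flow["blocks"]), flow["verdict"])
```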


