problems with tftp-proxy in 11.1?
John Jasen
jjasen at gmail.com
Mon Dec 4 18:57:10 UTC 2017
rdr pass log proto udp \
from {<all-public-ip-space>,<all-rfc1918-space>} \
to <pxe-servers> port tftp \
tag ALLOWED \
-> 127.0.0.1 port 6969
There is a pass quick tagged ALLOWED later in the rules.
/etc/inetd.conf contains:
acmsoda dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy
Depending on circumstances, we see a lot or very few of the following
messages:
"pf connection lookup failed (no rdr?)"
We also see very slow tftp response through the 11.1 firewall, with
occasional complete failures.
On 12/03/2017 11:40 AM, Kristof Provost wrote:
> On 2 Dec 2017, at 4:56, John Jasen wrote:
>> Attempts to run tftp-proxy across a freebsd system running pf result in
>> very slow performance and an endless amount of:
>>
>> "pf connection lookup failed (no rdr?)"
>> Is there something that has regressed in 11.1, or am I missing something?
>>
> I’m not aware of any such regressions, but that of course doesn’t mean they
> can’t be there.
>
> Can you post the relevant bits of your rules/configuration? A small test case
> would be ideal.
>
> Regards,
> Kristof