| TFTP-PROXY(8) | System Manager's Manual | TFTP-PROXY(8) | 
tftp-proxy —
| tftp-proxy | [ -v] [-wtranswait] | 
tftp-proxy is a proxy for the Internet Trivial File
  Transfer Protocol invoked by the
  inetd(8) internet server. TFTP
  connections should be redirected to the proxy using the
  pf(4) rdr
  command, after which the proxy connects to the server on behalf of the client.
The proxy establishes a
    pf(4) rdr
    rule using the anchor facility to rewrite packets
    between the client and the server. Once the rule is established,
    tftp-proxy forwards the initial request from the
    client to the server to begin the transfer. After
    transwait seconds, the
    pf(4) NAT state is assumed to have
    been established and the rdr rule is deleted and the
    program exits. Once the transfer between the client and the server is
    completed, the NAT state will naturally expire.
Assuming the TFTP command request is from $client to $server, the
    proxy connected to the server using the $proxy source address, and $port is
    negotiated, tftp-proxy adds the following rule to
    the anchor:
rdr proto udp from $server to $proxy port $port -> $client
The options are as follows:
-v-w
    transwaitIn the NAT section:
nat on $ext_if from $int_if -> ($ext_if:0)
no nat on $ext_if to port tftp
rdr-anchor "tftp-proxy/*"
rdr on $int_if proto udp from $lan to any port tftp -> \
    127.0.0.1 port 6969
In the filter section, an anchor must be added to hold the pass rules:
anchor "tftp-proxy/*"
inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4). An example inetd.conf(5) entry follows:
127.0.0.1:6969 dgram udp wait root \ /usr/libexec/tftp-proxy tftp-proxy
tftp-proxy chroots to
  /var/chroot/tftp-proxy and changes to user
  “_proxy” to drop privileges.
| May 31, 2007 | NetBSD 9.2 |