.\" $OpenBSD: tftp-proxy.8,v 1.9 2018/11/05 07:03:08 jmc Exp $
.\"
.\" Copyright (c) 2005 joshua stein <jcs@openbsd.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 5 2018 $
.Dt TFTP-PROXY 8
.Os
.Sh NAME
.Nm tftp-proxy
.Nd Internet Trivial File Transfer Protocol proxy
.Sh SYNOPSIS
.Nm tftp-proxy
.Op Fl 46dv
.Op Fl a Ar address
.Op Fl l Ar address
.Op Fl p Ar port
.Op Fl w Ar transwait
.Sh DESCRIPTION
.Nm
is a proxy for the Internet Trivial File Transfer Protocol.
TFTP connections should be redirected to the proxy using a
.Xr pf 4
rule using the
.Ar divert-to
option, after which the proxy connects to the server on behalf of
the client.
The connection from the proxy to the server needs to be passed by
a rule with divert-reply set.
.Pp
The proxy inserts
.Xr pf 4
pass and/or rdr rules using the
.Ar anchor
facility to allow payload packets between the client and the server.
Once the rules are inserted,
.Nm
forwards the initial request from the client to the server to begin the
transfer.
After
.Ar transwait
seconds, the states are assumed to have been established and the
.Xr pf 4
rules are deleted and the program exits.
Once the transfer between the client and the server is completed the
states will naturally expire.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.It Fl a Ar address
The proxy will use
.Ar address
as the source address for the initial request from the client to the server for
NAT traversal.
Instead of a
.Dq pass in
rule an
.Dq rdr
rule will be generated.
It is possible to have two
.Fl a
options to specify both an IPv4 and an IPv6 address.
.It Fl d
Do not daemonize.
If this option is specified,
.Nm
will run in the foreground and log
the client IP, type of request, and filename to stderr.
.It Fl l Ar address
Listen on the specified address.
By default
.Nm
listens on localhost addresses.
.It Fl p Ar port
Listen on the specified port.
By default
.Nm
listens on port 6969.
.It Fl v
Log the connection and request information to
.Xr syslogd 8 .
.It Fl w Ar transwait
Number of seconds to wait for the data transmission to begin before
removing the
.Xr pf 4
rule.
The default is 2 seconds.
.El
.Sh CONFIGURATION
To make use of the proxy,
.Xr pf.conf 5
needs the following rules.
The anchor is mandatory.
Adjust the rule as needed for your configuration.
.Bd -literal -offset indent
anchor "tftp-proxy/*"
pass in quick on $int_if inet proto udp from $lan to port tftp \e
	divert-to 127.0.0.1 port 6969
pass out quick on $ext_if inet proto udp from $lan to port tftp \e
	group _tftp_proxy divert-reply
.Ed
.Sh SEE ALSO
.Xr tftp 1 ,
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr ftp-proxy 8 ,
.Xr syslogd 8 ,
.Xr tftpd 8
.Sh HISTORY
The current stand-alone implementation first appeared in
.Ox 5.3 .
.Sh AUTHORS
.An David Gwynne Aq Mt dlg@openbsd.org
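The following is an added example, not part of this manual or of tftp-proxy itself: a text check that a pf.conf file contains the three elements the CONFIGURATION section requires (the mandatory anchor, a divert-to rule aimed at the port given with -p, and a divert-reply rule for the proxy's own connection). The function names and the embedded sample ruleset are constructed for illustration, and the comment stripping is deliberately naive.

```sh
#!/bin/sh
# Added example, not part of tftp-proxy; function names are hypothetical.
# Constructed sample input: the rules from CONFIGURATION.
sample_pf_conf() {
	cat <<'EOF'
anchor "tftp-proxy/*"
pass in quick on $int_if inet proto udp from $lan to port tftp \
	divert-to 127.0.0.1 port 6969
pass out quick on $ext_if inet proto udp from $lan to port tftp \
	group _tftp_proxy divert-reply
EOF
}

# Strip comments (naively: anything after '#') and join backslash-continued
# lines, so that each rule can be matched as a single line.
pf_join_rules() {
	awk '
		{ sub(/#.*/, "") }
		/\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
		{ print buf $0; buf = "" }
		END { if (buf != "") print buf }
	' "$1"
}

# Usage: check_tftp_proxy_rules <pf.conf> [port given to tftp-proxy -p]
# Prints one line per missing element and returns the number missing.
check_tftp_proxy_rules() {
	conf=$1 port=${2:-6969} problems=0
	rules=$(pf_join_rules "$conf")

	# The anchor is mandatory: the proxy inserts its rules under it.
	printf '%s\n' "$rules" | grep -Eq '^[[:space:]]*anchor[[:space:]]+"tftp-proxy/\*"' || {
		echo 'missing: anchor "tftp-proxy/*"'; problems=$((problems + 1)); }

	# Client requests must be diverted to the port the proxy listens on.
	printf '%s\n' "$rules" | grep -E '^[[:space:]]*pass in .*port tftp' |
	    grep -Eq "divert-to .* port $port([[:space:]]|\$)" || {
		echo "missing: pass in ... divert-to <address> port $port"; problems=$((problems + 1)); }

	# The proxy's own connection to the server needs divert-reply.
	printf '%s\n' "$rules" | grep -E '^[[:space:]]*pass out .*port tftp' |
	    grep -q 'divert-reply' || {
		echo 'missing: pass out ... divert-reply'; problems=$((problems + 1)); }

	return "$problems"
}

# Demo on the constructed sample ruleset.
tmp=$(mktemp) && sample_pf_conf >"$tmp" && check_tftp_proxy_rules "$tmp" && echo "sample ruleset: ok"
rm -f "$tmp"
```

This only matches text; syntax should still be validated with pfctl -n -f before the ruleset is loaded.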