xref: /openbsd-src/usr.sbin/tftp-proxy/tftp-proxy.8 (revision 41ce3b17e73f6b7d2d9e1a3d961e4bab2d895cb5)

.\"	$OpenBSD: tftp-proxy.8,v 1.10 2022/03/31 17:27:32 naddy Exp $
.\"
.\" Copyright (c) 2005 joshua stein <jcs@openbsd.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 31 2022 $
.Dt TFTP-PROXY 8
.Os
.Sh NAME
.Nm tftp-proxy
.Nd Internet Trivial File Transfer Protocol proxy
.Sh SYNOPSIS
.Nm tftp-proxy
.Op Fl 46dv
.Op Fl a Ar address
.Op Fl l Ar address
.Op Fl p Ar port
.Op Fl w Ar transwait
.Sh DESCRIPTION
.Nm
is a proxy for the Internet Trivial File Transfer Protocol.
TFTP connections should be redirected to the proxy using a
.Xr pf 4
rule using the
.Ar divert-to
option, after which the proxy connects to the server on behalf of
the client.
The connection from the proxy to the server needs to be passed by
a rule with divert-reply set.
.Pp
The proxy inserts
.Xr pf 4
pass and/or rdr rules using the
.Ar anchor
facility to allow payload packets between the client and the server.
Once the rules are inserted,
.Nm
forwards the initial request from the client to the server to begin the
transfer.
After
.Ar transwait
seconds, the states are assumed to have been established and the
.Xr pf 4
rules are deleted and the program exits.
Once the transfer between the client and the server is completed, the
states will naturally expire.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.It Fl a Ar address
The proxy will use
.Ar address
as the source address for the initial request from the client to the server for
NAT traversal.
Instead of a
.Dq pass in
rule an
.Dq rdr
rule will be generated.
It is possible to have two
.Fl a
options to specify both an IPv4 and an IPv6 address.
.It Fl d
Do not daemonize.
If this option is specified,
.Nm
will run in the foreground and log
the client IP, type of request, and filename to stderr.
.It Fl l Ar address
Listen on the specified address.
By default
.Nm
listens on localhost addresses.
.It Fl p Ar port
Listen on the specified port.
By default
.Nm
listens on port 6969.
.It Fl v
Log the connection and request information to
.Xr syslogd 8 .
.It Fl w Ar transwait
Number of seconds to wait for the data transmission to begin before
removing the
.Xr pf 4
rule.
The default is 2 seconds.
.El
.Sh CONFIGURATION
To make use of the proxy,
.Xr pf.conf 5
needs the following rules.
The anchor is mandatory.
Adjust the rule as needed for your configuration.
.Bd -literal -offset indent
anchor "tftp-proxy/*"
pass in quick on $int_if inet proto udp from $lan to port tftp \e
    divert-to 127.0.0.1 port 6969
pass out quick on $ext_if inet proto udp from $lan to port tftp \e
    group _tftp_proxy divert-reply
.Ed
.Sh SEE ALSO
.Xr tftp 1 ,
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr ftp-proxy 8 ,
.Xr syslogd 8 ,
.Xr tftpd 8
.Sh HISTORY
The current stand-alone implementation first appeared in
.Ox 5.3 .
.Sh AUTHORS
.An David Gwynne Aq Mt dlg@openbsd.org