On Tue, Dec 31, 2019 at 09:36:58AM +0100, kvaps wrote:
>
> Of course you can use hostNetwork=true, but it is less secure and not
> redundant.

You can also use pipework or just correctly configure your firewall rules. Either load the conntrack modules for tftp and nat, or use additional software to mark the traffic and configure the host system to permit the marked packets through.

Not sure what you mean about less secure, but redundancy is easy to achieve with tftp, since it's all udp and you can have more than one service on hand. IP migration doesn't do you much good in this case anyway.

> The packets are always sending to the client specific port. There is no put
> requests.
>
> What is actually broken? Example tcpdump:

The TID in the tftp packets is supposed to match the port it's sending on. This is how well-behaving tftp software can verify it's receiving the correct packets. The single-port stuff breaks down when, e.g., you're booting 1500 computers from a given tftpd.

It's always easier to write new code than to learn the existing tools. It's just not a sustainable practice, especially when you're violating standards in the process.

khm
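The TID check mentioned in the message above, sketched as an added example that is not part of the original thread: in RFC 1350 the transfer IDs are the UDP source and destination ports, so a client locks onto the port the first DATA block came from and answers anything from another port with error 5 while the transfer continues. The names `ReadTransfer`, `handle` and `demo`, the addresses and the ports are assumptions constructed for illustration.

```python
import struct

OP_DATA, OP_ACK, OP_ERROR = 3, 4, 5
ERR_UNKNOWN_TID = 5          # RFC 1350 error code 5: "Unknown transfer ID"
BLOCK_SIZE = 512             # a DATA payload shorter than this ends the transfer

class ReadTransfer:
    """Client side of one read request; `peer` holds the server's IP and TID."""
    def __init__(self, server_ip):
        self.server_ip, self.peer = server_ip, None
        self.next_block, self.data, self.done = 1, b"", False

    def handle(self, src, payload):
        """Process one datagram. Returns (destination, reply) or None to drop it."""
        if len(payload) < 4:
            return None
        opcode, block = struct.unpack("!HH", payload[:4])
        if self.peer is None:
            # The first DATA block fixes the server's TID (its UDP source port).
            if src[0] != self.server_ip or opcode != OP_DATA or block != 1:
                return None
            self.peer = src
        elif src != self.peer:
            # Wrong TID: answer that sender with error 5, leave the transfer alone.
            err = struct.pack("!HH", OP_ERROR, ERR_UNKNOWN_TID)
            return (src, err + b"Unknown transfer ID\x00")
        if opcode != OP_DATA:
            return None
        if block == self.next_block:
            self.data += payload[4:]
            self.next_block += 1
            self.done = len(payload) - 4 < BLOCK_SIZE
        elif block != self.next_block - 1:
            return None      # neither the expected block nor a retransmission
        return (src, struct.pack("!HH", OP_ACK, block))

def demo():
    """Feed constructed datagrams (documentation addresses, made-up ports)."""
    data = lambda n, body: struct.pack("!HH", OP_DATA, n) + body
    server, stray = ("192.0.2.10", 49152), ("192.0.2.10", 50000)
    t = ReadTransfer("192.0.2.10")
    replies = [
        t.handle(server, data(1, b"A" * 512)),   # locks the TID, ACK 1
        t.handle(stray, data(2, b"bogus")),      # other port: ERROR 5
        t.handle(server, data(2, b"tail")),      # real block 2: ACK 2, done
    ]
    return t, replies

if __name__ == "__main__":
    t, replies = demo()
    print(t.done, len(t.data), [r[1][:4].hex() for r in replies])
```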