Hi,
I am unsuccessful in configuring tftp-proxy to work with my phones.
This is the configuration involved:
FreeBSD 7.3-RELEASE-p2
# cat /etc/pf.conf
wan_if="re0"
phone_if="em0"
set debug urgent
set optimization normal
set block-policy return
set timeout { udp.first 300, udp.single 150, udp.multiple 900 }
set limit { states 20000, frags 20000 }
set skip on lo0
scrub in
nat on $wan_if from $phone_if -> $wan_if
no nat on $wan_if to port tftp
nat on $wan_if proto udp from $phone_if:network to any -> $wan_if static-port
nat on $wan_if from $phone_if:network to any -> $wan_if
rdr-anchor "tftp-proxy/*"
rdr on $phone_if proto udp from $phone_if:network to any port tftp -> 127.0.0.1 port 6969
anchor "tftp-proxy/*"
# grep tftp-proxy /etc/inetd.conf
tftp-proxy dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy -w 5
# grep tftp-proxy /etc/services
tftp-proxy 6969/udp
# grep inetd /etc/rc.conf
inetd_enable="YES"
inetd_flags="-a 127.0.0.1"
I observe in the syslog the following message:
Jul 17 16:37:11 spider tftp-proxy[4675]: pf connection lookup failed (no rdr?)
Jul 17 16:37:11 spider kernel: Jul 17 16:37:11 spider tftp-proxy[4675]: pf connection lookup failed (no rdr?)
Jul 17 16:37:11 spider inetd[4665]: /usr/libexec/tftp-proxy[4675]: exited, status 1
tcpdump shows tftp reply packets are getting rejected, which I assume means
tftp-proxy is not expecting replies:
17:07:19.135743 IP spider.57874 > 204.16.177.35.tftp: 32 RRQ "SEPXXX.cnf.xml" octet
17:07:19.167369 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:20.596097 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:21.596652 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:22.597755 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:24.142580 IP spider.58998 > 204.16.177.35.tftp: 32 RRQ "SEPXXX.cnf.xml" octet
17:07:24.242006 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:24.242036 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:24.242465 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
17:07:25.243154 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:25.243203 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:25.243213 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
17:07:26.244089 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:26.244121 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:26.244281 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
17:07:27.245051 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:27.245091 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:27.245409 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
17:07:28.246205 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:28.246246 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:28.246292 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
Not sure what I did wrong. The manual page of tftp-proxy has a wrong entry for
inetd.conf (it has illegal syntax for FreeBSD's inetd);
maybe some other nuance was lost during migration from OpenBSD?
Thank you,
Sincerely,
Vadym Chepkov
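
An added example, not part of the original post: a short Python script that tallies, per local UDP port, the RRQ, DATA, ACK and ICMP port-unreachable packets in the first twelve packets of the capture above (wrapped lines rejoined). It makes visible that block 1 keeps being retransmitted and no ACK ever leaves the host. The function and variable names are illustrative.

```python
import re
from collections import defaultdict

# First twelve packets of the tcpdump capture in the post, wrapped lines rejoined.
CAPTURE = """\
17:07:19.135743 IP spider.57874 > 204.16.177.35.tftp: 32 RRQ "SEPXXX.cnf.xml" octet
17:07:19.167369 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:20.596097 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:21.596652 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:22.597755 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:24.142580 IP spider.58998 > 204.16.177.35.tftp: 32 RRQ "SEPXXX.cnf.xml" octet
17:07:24.242006 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:24.242036 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:24.242465 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
17:07:25.243154 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
17:07:25.243203 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
17:07:25.243213 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
"""

# "spider" is the local hostname as printed in the post's capture.
PATTERNS = {
    "rrq": re.compile(r"IP spider\.(\d+) > \S+\.tftp: \d+ RRQ"),
    "data": re.compile(r"IP \S+\.tftp > spider\.(\d+): \d+ DATA block \d+"),
    "ack": re.compile(r"IP spider\.(\d+) > \S+: \d+ ACK"),
    "unreachable": re.compile(r"ICMP spider udp port (\d+) unreachable"),
}


def summarize(capture):
    """Count each packet kind per local UDP port."""
    flows = defaultdict(lambda: dict.fromkeys(PATTERNS, 0))
    for line in capture.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                flows[int(match.group(1))][kind] += 1
                break
    return dict(flows)


def unacknowledged(flows):
    """Local ports that received DATA but never sent an ACK."""
    return sorted(p for p, f in flows.items() if f["data"] and not f["ack"])


if __name__ == "__main__":
    flows = summarize(CAPTURE)
    for port, counts in sorted(flows.items()):
        print(port, counts)
    print("DATA never acknowledged on ports:", unacknowledged(flows))
```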