Re: [Dnsmasq-discuss] Single-port mode for TFTP

2020-01-06 Thread kvaps
Simon, You're amazing, thank you so much!

- kvaps

On Mon, Jan 6, 2020 at 12:06 AM Simon Kelley wrote:
> On 30/12/2019 11:51, kvaps wrote:
> > Hi Simon,
> >
> > We're happy to use dnsmasq to organize network booting in Kubernetes,
> > it has everything needed: DNS-, DHCP- and TFTP-servers.
>

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2020-01-05 Thread Simon Kelley
On 30/12/2019 11:51, kvaps wrote:
> Hi Simon,
>
> We're happy to use dnsmasq to organize network booting in Kubernetes,
> it has everything needed: DNS-, DHCP- and TFTP-servers.
>
> The only problem is that the TFTP protocol in its reference implementation
> is not working behind NAT, because

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2020-01-02 Thread Simon Kelley
On 31/12/2019 08:36, kvaps wrote: > On Tue, Dec 31, 2019 at 8:45 AM Kurt H Maier > wrote: > > If you need this kind of functionality in Kubernetes you're much better > off using a different CNI plugin to manage your networking.  There's no > inherent NAT

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-31 Thread Kurt H Maier
On Tue, Dec 31, 2019 at 09:36:58AM +0100, kvaps wrote:
>
> Of course you can use hostNetwork=true, but it is less secure and not
> redundant.

You can also use pipework or just correctly configure your firewall rules. Either load the conntrack modules for tftp and nat, or use additional software

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-31 Thread kvaps
On Tue, Dec 31, 2019 at 8:45 AM Kurt H Maier wrote:
> If you need this kind of functionality in Kubernetes you're much better
> off using a different CNI plugin to manage your networking. There's no
> inherent NAT requirement imposed by Kubernetes itself.

This is not about CNI networking,

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-31 Thread Kurt H Maier
On Mon, Dec 30, 2019 at 12:51:30PM +0100, kvaps wrote:
>
> Note that Kubernetes uses NAT for external services, so it's not possible
> to run a TFTP-server for external clients there. There is one proposed
> solution for that, it suggests moving away from the RFC and implementing
> --single-port option

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread kvaps
No, there is a need to respond from exactly the same port which gets a request. There is no way to configure a firewall and use tftp-helper in Kubernetes; its environment is very dynamic and might use different backends, e.g. ipvs and iptables. Please read this issue for more information:

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread john doe
On 12/30/2019 6:34 PM, kvaps wrote:
> On Mon, Dec 30, 2019 at 2:42 PM john doe wrote:
>
>> Isn't the below flag what you want from (1):
>>
>> "--tftp-port-range=,
>> A TFTP server listens on a well-known port (69) for connection
>> initiation, but it also uses a dynamically-allocated port for

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread kvaps
> dnsmasq -d --enable-tftp --tftp-port-range=1069,1069

No way, because in this case it should also listen on port 1069.

- kvaps

On Mon, Dec 30, 2019 at 9:11 PM Geert Stappers wrote:
> On Mon, Dec 30, 2019 at 06:36:49PM +0100, kvaps wrote:
> > On Mon, Dec 30, 2019 at 2:42 PM john doe wrote:

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread Geert Stappers
On Mon, Dec 30, 2019 at 06:36:49PM +0100, kvaps wrote:
> On Mon, Dec 30, 2019 at 2:42 PM john doe wrote:
> > Dec 30 2019, kvaps wrote:
> > > ...
> > Isn't the below flag what you want from (1):
> >
> > "--tftp-port-range=,
> > A TFTP server listens on a well-known port (69) for connection
> >

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread kvaps
On Mon, Dec 30, 2019 at 2:42 PM john doe wrote:
> Isn't the below flag what you want from (1):
>
> "--tftp-port-range=,
> A TFTP server listens on a well-known port (69) for connection
> initiation, but it also uses a dynamically-allocated port for each
> connection. Normally these are allocated

Re: [Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread john doe
On 12/30/2019 12:51 PM, kvaps wrote:
> Hi Simon,
>
> We're happy to use dnsmasq to organize network booting in Kubernetes, it
> has everything needed: DNS-, DHCP- and TFTP-servers.
>
> The only problem is that the TFTP protocol in its reference implementation is
> not working behind NAT, because

[Dnsmasq-discuss] Single-port mode for TFTP

2019-12-30 Thread kvaps
Hi Simon,

We're happy to use dnsmasq to organize network booting in Kubernetes; it has everything needed: DNS-, DHCP- and TFTP-servers.

The only problem is that the TFTP protocol in its reference implementation is not working behind NAT, because it always sends reply packets from a random port. Note