summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libexec/tftp-proxy/tftp-proxy.839
1 files changed, 13 insertions, 26 deletions
diff --git a/libexec/tftp-proxy/tftp-proxy.8 b/libexec/tftp-proxy/tftp-proxy.8
index 28d4ac474b7..3e508f5076a 100644
--- a/libexec/tftp-proxy/tftp-proxy.8
+++ b/libexec/tftp-proxy/tftp-proxy.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tftp-proxy.8,v 1.2 2007/05/31 19:19:41 jmc Exp $
+.\" $OpenBSD: tftp-proxy.8,v 1.3 2009/09/01 14:15:57 sthen Exp $
.\"
.\" Copyright (c) 2005 joshua stein <jcs@openbsd.org>
.\"
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: September 1 2009 $
.Dt TFTP-PROXY 8
.Os
.Sh NAME
@@ -41,16 +41,17 @@ is a proxy for the Internet Trivial File Transfer Protocol invoked by
the
.Xr inetd 8
internet server.
-TFTP connections should be redirected to the proxy using the
+TFTP connections should be redirected to the proxy using a
.Xr pf 4
-.Ar rdr
-command, after which the proxy connects to the server on behalf of
+rule using the
+.Ar rdr-to
+option, after which the proxy connects to the server on behalf of
the client.
.Pp
The proxy establishes a
.Xr pf 4
-.Ar rdr
-rule using the
+.Ar rdr-to
+pass rule using the
.Ar anchor
facility to rewrite packets between the client and the server.
Once the rule is established,
@@ -59,10 +60,8 @@ forwards the initial request from the client to the server to begin the
transfer.
After
.Ar transwait
-seconds, the
+seconds, the NAT state is assumed to have been established and the
.Xr pf 4
-NAT state is assumed to have been established and the
-.Ar rdr
rule is deleted and the program exits.
Once the transfer between the client and the server is completed, the
NAT state will naturally expire.
@@ -85,7 +84,6 @@ Log the connection and request information to
Number of seconds to wait for the data transmission to begin before
removing the
.Xr pf 4
-.Ar rdr
rule.
The default is 2 seconds.
.El
@@ -93,23 +91,12 @@ The default is 2 seconds.
To make use of the proxy,
.Xr pf.conf 5
needs the following rules.
-The anchors are mandatory.
-Adjust the rules as needed for your configuration.
-.Pp
-In the NAT section:
-.Bd -literal -offset indent
-nat on $ext_if from $int_if -\*(Gt ($ext_if:0)
-
-no nat on $ext_if to port tftp
-
-rdr-anchor "tftp-proxy/*"
-rdr on $int_if proto udp from $lan to any port tftp -\*(Gt \e
- 127.0.0.1 port 6969
-.Ed
-.Pp
-In the filter section, an anchor must be added to hold the pass rules:
+The anchor is mandatory.
+Adjust the rule as needed for your configuration.
.Bd -literal -offset indent
anchor "tftp-proxy/*"
+pass in quick on $int_if proto udp from $lan to any port tftp \e
+ rdr-to 127.0.0.1 port 6969
.Ed
.Pp
.Xr inetd 8