is a proxy for the Internet Trivial File Transfer Protocol invoked by
TFTP connections should be redirected to the proxy using the
command, after which the proxy connects to the server on behalf of
The proxy establishes a
rule using the
facility to rewrite packets between the client and the server.
Once the rule is established,
forwards the initial request from the client to the server to begin the
NAT state is assumed to have been established and the
rule is deleted and the program exits.
Once the transfer between the client and the server is completed, the
NAT state will naturally expire.
Assuming the TFTP command request is from $client to $server, the
proxy connected to the server using the $proxy source address, and
$port is negotiated,
adds the following rule to the anchor:
rdr proto udp from $server to $proxy port $port -> $client
The options are as follows:
Log the connection and request information to
Number of seconds to wait for the data transmission to begin before
The default is 2 seconds.
To make use of the proxy,
needs the following rules.
The anchors are mandatory.
Adjust the rules as needed for your configuration.
In the NAT section:
nat on $ext_if from $int_if -> ($ext_if:0)
no nat on $ext_if to port tftp
rdr on $int_if proto udp from $lan to any port tftp -> \
127.0.0.1 port 6969
In the filter section, an anchor must be added to hold the pass rules:
must be configured to spawn the proxy on the port that packets are
being forwarded to by
127.0.0.1:6969 dgram udp wait root \