OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: wfhausmann on January 25, 2019, 01:46:16 am

Title: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 25, 2019, 01:46:16 am
There was a post a while back with a link to GitHub but nothing that was firm.
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: mimugmail on January 25, 2019, 06:00:01 am
Someone in IRC got it working, yes.
I could build a simple plugin, but without upload function
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 25, 2019, 02:08:27 pm
I followed the what previous users did, but I'm not sure it's working properly. I don't see it starting.
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: mimugmail on January 25, 2019, 03:53:51 pm
Do you see receiving packets on the firewall interface? If yes, check firewall logs
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 25, 2019, 05:46:27 pm
When I send the tftp request, the reply is being blocked.
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 25, 2019, 05:49:49 pm
FYI, I've added this:
<?php

function tftpproxy_enabled()
{
    return true;
}

function tftpproxy_firewall($fw)
{
    if (!tftpproxy_enabled()) {
        return;
    }

    $fw->registerAnchor('tftp-proxy/*', 'nat');
    $fw->registerAnchor('tftp-proxy/*', 'rdr');
    $fw->registerAnchor('tftp-proxy/*', 'fw');
}

And I've added this:

tftp    dgram   udp     wait    root    /usr/libexec/tftp-proxy tftp-proxy -v


I reloaded the services after that.

Thanks
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 27, 2019, 01:35:48 pm
Anyone? How about an alternative method?
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: mimugmail on January 27, 2019, 01:37:18 pm
Why dont you just allow tftp on the interface rule tab?
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 27, 2019, 03:19:48 pm
Not sure I understand what you're asking. Are you saying to port forward it? TFTP responds on a random UDP 1024> and the firewall rejects it. I've port forwarded that range back into the internal host but the FW re-writes the port number so the host no longer knows what to do with it.
Title: Re: Has anyone ever got TFTP-Proxy working?
Post by: wfhausmann on January 30, 2019, 03:39:53 am
So does anyone else have any thoughts on how to get tftp for a Cisco phone through the firewall?