TL;DR: Please do NOT reply with "just use SSHD"; this thread is about TFTPD.
Real TL;DR: TFTPD will not send responses to IP addresses in the WAN, even though it receives requests from the WAN.

Full Story

FreeBSD 11.0-RELEASE-p1 AMD64

tftpd must be run from inetd, as /usr/libexec/tftpd appears to interface with a UDP socket as stdin.

/etc/rc.conf
Code:
inetd_enable="YES"
inetd_flags=""

/etc/inetd.conf
Code:
tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -d 15 -s /tftpboot

Now that inetd with tftpd is running, I can run tftp and get things as expected.

My FreeBSD system is within a residential NAT, but port forwarding has been set up properly to route TFTP traffic (UDP 69) to and from my FreeBSD system.

So, tftp 127.0.0.1 works, tftp lan_ip works, but tftp wan_ip does not receive a response when I attempt to get something. Note that I'm actually typing in the LAN and WAN IPs when I run the commands.

My first reaction is to think that this is a port forwarding issue; however, port forwarding is set up properly and tftp indicates that it actually receives packets from the WAN, as shown in /var/log/xferlog

Code:
Dec 4 18:19:32 temphost tftpd[1634]: Full access allowedin /etc/hosts.allow
Dec 4 18:19:32 temphost tftpd[1634]: Filename: 'a'
Dec 4 18:19:32 temphost tftpd[1634]: Mode: 'netascii'
Dec 4 18:19:32 temphost tftpd[1634]: 127.0.0.1: read request for a: File not found
Dec 4 18:19:37 temphost tftpd[1637]: Full access allowedin /etc/hosts.allow
Dec 4 18:19:37 temphost tftpd[1637]: Filename: 'a'
Dec 4 18:19:37 temphost tftpd[1637]: Mode: 'netascii'
Dec 4 18:19:37 temphost tftpd[1637]: _lan_ip_: read request for a: File not found
Dec 4 18:19:42 temphost tftpd[1640]: Full access allowedin /etc/hosts.allow
Dec 4 18:19:42 temphost tftpd[1640]: Filename: 'a'
Dec 4 18:19:42 temphost tftpd[1640]: Mode: 'netascii'
Dec 4 18:19:42 temphost tftpd[1640]: _wan_ip_: read request for a: File not found

(I really hope somebody doesn't reply with "oh you're just getting the wrong filename")

inetd apparently uses TCP Wrappers, which I should have disabled with inetd_flags="", and just to be safe I replaced /etc/hosts.allow with:
Code:
ALL : ALL : allow

and xferlog indicates it has full access.

So, from this information I can conclude several possibilities.
- tftpd bug? Probably not, since it works just fine with localhost and LAN IP.
- tftp bug? Probably not, since I get the same behavior with another client such as atftp.
- Some FreeBSD mechanism, apart from TCP Wrapper, that treats the WAN IP as dangerous and prevents tftpd from emitting UDP packets towards them? This is the only thing I can conclude.
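
A check that helps separate "no reply was sent" from "a reply came from an unexpected source", as an added example that is not part of the original post: per RFC 1350 a TFTP server answers a read request from a newly chosen UDP port rather than port 69, so a NAT or filter that only expects traffic from port 69 can drop replies that were in fact sent. The probe sends one RRQ from an unconnected socket and reports the reply's source address and port; `fake_tftpd` and `demo` are constructed stand-ins so the block runs offline on loopback.

```python
import socket
import struct
import threading

def build_rrq(filename, mode="netascii"):
    # RFC 1350 read request: opcode 1, filename, NUL, mode, NUL
    return struct.pack("!H", 1) + filename.encode() + b"\0" + mode.encode() + b"\0"

def probe(host, port=69, filename="a", timeout=3.0):
    """Send one RRQ and report where the first reply came from.
    `host` is assumed to be an IPv4 literal so it can be compared directly."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Unconnected socket: the kernel will hand us a reply from ANY source,
        # which lets us see a reply that a stricter client would ignore.
        s.sendto(build_rrq(filename), (host, port))
        try:
            data, (src_ip, src_port) = s.recvfrom(1024)
        except socket.timeout:
            return {"reply": False}
    opcode = struct.unpack("!H", data[:2])[0]  # 3 = DATA, 5 = ERROR
    return {"reply": True, "src_ip": src_ip, "src_port": src_port,
            "opcode": opcode, "same_ip": src_ip == host,
            "same_port": src_port == port}

def fake_tftpd(listen_sock):
    """Constructed stand-in for tftpd: answers one RRQ from a NEW socket,
    i.e. a new transfer ID (source port), as RFC 1350 servers do."""
    _, client = listen_sock.recvfrom(1024)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as reply:
        reply.bind(("127.0.0.1", 0))
        # ERROR packet: opcode 5, error code 1 (File not found), message, NUL
        reply.sendto(struct.pack("!HH", 5, 1) + b"File not found\0", client)

def demo():
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))              # ephemeral port stands in for UDP 69
    port = srv.getsockname()[1]
    t = threading.Thread(target=fake_tftpd, args=(srv,), daemon=True)
    t.start()
    result = probe("127.0.0.1", port)
    t.join()
    srv.close()
    return result

if __name__ == "__main__":
    print(demo())
```

Against a real server, `probe(address)` returning `reply: False` for the WAN address while a packet capture on the server shows an outgoing packet points at the path between server and client rather than at tftpd.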