Date:      Mon, 4 Dec 2017 13:57:07 -0500
From:      John Jasen <jjasen@gmail.com>
To:        Kristof Provost <kristof@sigsegv.be>
Cc:        FreeBSD PF <freebsd-pf@freebsd.org>
Subject:   Re: problems with tftp-proxy in 11.1?
Message-ID:  <9f0fc087-2aed-535e-c779-be0cc49cde26@gmail.com>
In-Reply-To: <F42958A5-F0F6-44CE-A290-E21A1BFD517B@sigsegv.be>
References:  <e254d9bc-2246-648e-24b4-c5cd383b6f37@gmail.com> <F42958A5-F0F6-44CE-A290-E21A1BFD517B@sigsegv.be>


rdr pass log proto udp \
   from {<all-public-ip-space>,<all-rfc1918-space>} \
   to <pxe-servers> port tftp \
   tag ALLOWED \
   -> 127.0.0.1 port 6969


There is a pass quick tagged ALLOWED later in the rules.


/etc/inetd.conf contains:

acmsoda dgram   udp     wait    root    /usr/libexec/tftp-proxy tftp-proxy


Depending on circumstances, we see a lot or very few of the following
messages:
"pf connection lookup failed (no rdr?)"

We also see very slow tftp response through the 11.1 firewall, with
occasional complete failures.


On 12/03/2017 11:40 AM, Kristof Provost wrote:
> On 2 Dec 2017, at 4:56, John Jasen wrote:
>> Attempts to run tftp-proxy across a freebsd system running pf result in
>> very slow performance and an endless amount of:
>>
>> "pf connection lookup failed (no rdr?)"
>> Is there something that has regressed in 11.1, or am I missing something?
>>
> I’m not aware of any such regressions, but that of course doesn’t mean they
> can’t be there.
>
> Can you post the relevant bits of your rules/configuration? A small test case
> would be ideal.
>
> Regards,
> Kristof




