Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    What IF's to enable TFTP Proxy on ?

    General pfSense Questions
    tftp voip
    2
    5
    217
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bingo600
      bingo600 last edited by bingo600

      I have a setup with 2 pfSense (latest vers) boxes connected via OpenVPN L2L (No NAT on L2L).

      On central site i have anotherProvider supplied OpenVPN GW , going to a remote Phone PBX Site, connected to a PF Vlan.
      On remote site i have a /28 Lan , where a few phones are connected.

      The Phones needs access to a TFTP server on the remote PBX site , in order to load some config files , before connecting to the PBX and join.

      Phones works fine right now , meaning TFTP works and so does routing.
      But when I had enabled TFTP Proxy on all IF's except WAN on both boxes (desperate) , it wouldn't work. And i saw those TFTP @ (proxy) log entries on many interfaces. Prob. too much proxying.

      I had to disable TFTP Proxy (well i couldn't disable it fully , but put it on a sleeping IF) , and then things started to work.

      Right now i have permitted "any" from Remote PBX to the phone /28 , and same the other way.

      If i was to narrow down the permissions and use TFTP Proxy.

      Where does one enable the proxying ??

      On the Phone (tftp initiator/ingress) IF ?
      On the Final (pointing towards the TFTP server/egress) IF ?
      On all IF's where the traffic is passed (tried that wo luck) ?

      Any help would be appreciated.

      TIA

      /Bingo

      If you find my answer useful - Please give the post a "thumbs up"

      2.4.5-RELEASE-p1

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G Toshiba Sata SSD

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        You select the interfaces you want the proxy to listen on. Redirect rules are added on those interfaces to catch the initial tftp requests.
        See: https://www.freebsd.org/cgi/man.cgi?query=tftp-proxy

        Steve

        bingo600 1 Reply Last reply Reply Quote 0
        • bingo600
          bingo600 @stephenw10 last edited by

          @stephenw10 said in What IF's to enable TFTP Proxy on ?:

          You select the interfaces you want the proxy to listen on. Redirect rules are added on those interfaces to catch the initial tftp requests.
          See: https://www.freebsd.org/cgi/man.cgi?query=tftp-proxy

          Steve

          But do i need to enable proxy on every interface the TFTP packets are passing , or only on the
          Entry & Exit interfaces ??

          TIA
          /Bingo

          If you find my answer useful - Please give the post a "thumbs up"

          2.4.5-RELEASE-p1

          QOTOM-Q355G4 Quad Lan.
          CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LAN  : 4 x Intel 211, Disk  : 240G Toshiba Sata SSD

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by stephenw10

            You need to enable it on the entry interface of every firewall the initial request passes though passes through.

            Steve

            bingo600 1 Reply Last reply Reply Quote 1
            • bingo600
              bingo600 @stephenw10 last edited by

              @stephenw10 said in What IF's to enable TFTP Proxy on ?:

              You need to enable it on the entry interface of every firewall the initial request passes though passes through.

              Steve

              Thank you Stephen
              That clears it up :-)

              /Bingo

              If you find my answer useful - Please give the post a "thumbs up"

              2.4.5-RELEASE-p1

              QOTOM-Q355G4 Quad Lan.
              CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
              LAN  : 4 x Intel 211, Disk  : 240G Toshiba Sata SSD

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy