Netgate Discussion Forum

    What IF's to enable TFTP Proxy on ?

    • bingo600

      I have a setup with 2 pfSense (latest version) boxes connected via OpenVPN L2L (no NAT on L2L).

      On the central site I have another, provider-supplied OpenVPN GW, going to a remote phone PBX site, connected to a PF VLAN.
      On the remote site I have a /28 LAN, where a few phones are connected.

      The phones need access to a TFTP server on the remote PBX site, in order to load some config files before connecting to the PBX and joining.

      Phones work fine right now, meaning TFTP works and so does routing.
      But when I had enabled TFTP Proxy on all IFs except WAN on both boxes (desperate), it wouldn't work. And I saw those TFTP @ (proxy) log entries on many interfaces. Probably too much proxying.

      I had to disable TFTP Proxy (well, I couldn't disable it fully, but put it on a sleeping IF), and then things started to work.

      Right now I have permitted "any" from the remote PBX to the phone /28, and the same the other way.

      If I was to narrow down the permissions and use TFTP Proxy.

      Where does one enable the proxying?

      On the phone (TFTP initiator/ingress) IF?
      On the final (pointing towards the TFTP server/egress) IF?
      On all IFs where the traffic is passed (tried that without luck)?

      Any help would be appreciated.

      TIA

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

      • stephenw10 Netgate Administrator

        You select the interfaces you want the proxy to listen on. Redirect rules are added on those interfaces to catch the initial tftp requests.
        See: https://www.freebsd.org/cgi/man.cgi?query=tftp-proxy

        Steve

        • bingo600 @stephenw10

          @stephenw10 said in What IF's to enable TFTP Proxy on ?:

          You select the interfaces you want the proxy to listen on. Redirect rules are added on those interfaces to catch the initial tftp requests.
          See: https://www.freebsd.org/cgi/man.cgi?query=tftp-proxy

          Steve

          But do I need to enable the proxy on every interface the TFTP packets are passing, or only on the entry & exit interfaces?

          TIA
          /Bingo

          • stephenw10 Netgate Administrator

            You need to enable it on the entry interface of every firewall the initial request passes through.

            Steve
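
Added illustration, not part of the thread and not the rules pfSense itself generates: what "redirect rules on the entry interface" looks like in pf.conf terms, following the configuration section of tftp-proxy(8), for the two firewalls in this topology. Interface names, addresses and the 6969 listen port are assumptions.

```conf
# ===== Remote-site firewall (separate pf.conf) =====
# Entry interface for the initial request: the phone LAN.
phone_if = "igb1"            # hypothetical interface name for the phone /28 LAN
phones   = "192.0.2.0/28"    # constructed stand-in for the phone /28
tftp_srv = "198.51.100.10"   # constructed stand-in for the PBX-site TFTP server

# Translation section: anchors in which tftp-proxy inserts its per-transfer rules.
nat-anchor "tftp-proxy/*"
rdr-anchor "tftp-proxy/*"
# Catch only the initial request (UDP port 69) from the phones to the TFTP
# server and hand it to tftp-proxy listening on loopback.
rdr on $phone_if inet proto udp from $phones to $tftp_srv port tftp \
    -> 127.0.0.1 port 6969

# Filter section: anchor holding the pass rules tftp-proxy adds for the
# server's data connection, which uses a new ephemeral source port.
anchor "tftp-proxy/*"

# ===== Central-site firewall (separate pf.conf) =====
# Entry interface here is the L2L OpenVPN tunnel the request arrives on,
# not the VLAN that faces the provider gateway.
l2l_if   = "ovpns1"          # hypothetical name of the L2L OpenVPN interface
phones   = "192.0.2.0/28"    # same constructed phone /28 (no NAT on the L2L)
tftp_srv = "198.51.100.10"   # same constructed TFTP server address

nat-anchor "tftp-proxy/*"
rdr-anchor "tftp-proxy/*"
rdr on $l2l_if inet proto udp from $phones to $tftp_srv port tftp \
    -> 127.0.0.1 port 6969

anchor "tftp-proxy/*"

# No redirect is placed on the exit interfaces: by the time the request
# leaves a firewall it has already been handled by that firewall's proxy.
```

Scoping the redirect to the phone /28 and the one TFTP server, rather than `any`, keeps the proxy from picking up unrelated TFTP traffic when the broad "any" rules are later tightened.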

            • bingo600 @stephenw10

              @stephenw10 said in What IF's to enable TFTP Proxy on ?:

              You need to enable it on the entry interface of every firewall the initial request passes through.

              Steve

              Thank you Stephen
              That clears it up :-)

              /Bingo

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.