PFSense 2.3 broke tftp proxy feature

chifoomi

Hi All,

After 2.3 upgrade from 2.2.6, tftp proxy stopped working between internal lans.
Here's the system log when a tftp boot request is coming :

Apr 30 17:32:35 xinetd 89329 dup2( 0, 0 ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:35 xinetd 89329 fcntl( 0, clear close-on-exec ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:35 xinetd 89329 warning: can't get client address: Bad file descriptor
Apr 30 17:32:27 xinetd 87468 dup2( 0, 0 ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:27 xinetd 87468 fcntl( 0, clear close-on-exec ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:27 xinetd 87468 warning: can't get client address: Bad file descriptor
Apr 30 17:32:21 xinetd 86312 dup2( 0, 0 ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:21 xinetd 86312 fcntl( 0, clear close-on-exec ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:21 xinetd 86312 warning: can't get client address: Bad file descriptor
Apr 30 17:32:17 xinetd 86173 dup2( 0, 0 ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:17 xinetd 86173 fcntl( 0, clear close-on-exec ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:17 xinetd 86173 warning: can't get client address: Bad file descriptor
Apr 30 17:32:15 xinetd 85989 dup2( 0, 0 ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:15 xinetd 85989 fcntl( 0, clear close-on-exec ) failed: Bad file descriptor (errno = 9)
Apr 30 17:32:15 xinetd 85989 warning: can't get client address: Bad file descriptor

I've tried to re-select interfaces in Advanced setup for TFTP Proxy and reboot with no luck.
My setup is made of a cluster using CARP and TFTP Proxy is broken on both master and slave.

Any idea ?
Thanks in advance.

Jburkey

We are also experiencing this problem. Our phone tftp server (Freepbx/Asterisk) is in the cloud. In 2.2.6 we were able to provision our phones perfectly. After the upgrade we are no longer able to provision. I also was able on 2.2.6 to image from our SCCM/WDS server. After the upgrade the clients no longer can receive the pxe boot file.

I was able to confirm that the traffic is not passing between my 2 networks by running tftp -I IPaddress GET smsboot\x86\pxeboot.n12. However if I am on the same network everything is fine.

JayBurkey

Just to update everyone, I contacted support and a bug (#6315) has been issued.
https://redmine.pfsense.org/issues/6315

sjag

I try install patch by System_Patches but not work.
Error:
"Patch can NOT be applied cleanly"

How can I install this path?

cmb

You can't install a patch that's for compiled code. Upgrade to 2.3.2 and you'll have the fix. The most recent snapshot is essentially identical to what release will be.
https://forum.pfsense.org/index.php?topic=114283.msg635354#msg635354

sjag

TFTP helper work. Thanks.

I have one additional questions.

TFTP helper bind to IP 127.0.0.1.
My public network is /24. IPv4 interface XXX.XXX.XXX.2.
Server use tftp boot XXX.XXX.XXX.111

I would like that outgoing IP tftp is XXX.XXX.XXX.111, but IP is XXX.XXX.XXX.2.
Outbound NAT rula 127.0.0.0.8 is set to XXX.XXX.XXX.111, bit not work.
How can I set outgoing IP to XXX.XXX.XXX.111. IP is added to IP Alias.