Discussion:
Nginx reverse proxy for TFTP UDP port 69 traffic
Eric Feldhusen
2017-03-07 21:21:56 UTC
Permalink
I’m trying to use Nginx to reverse proxy TFTP UDP port 69 traffic and I”m having a problem with getting files through the nginx reverse proxy.

My configuration is simple, I’m running TFTP on one Centos 6.x server and the Nginx reserve proxy on another Centos 6.x server with the latest Nginx mainline 1.11.10 from the nginx.org <http://nginx.org/> repository.

TFTP connections to the TFTP server directly work. Using the same commands through the Nginx reverse proxy, connects, but will not download or upload a file through it.

If you have any suggestions, I’d appreciate a nudge in the right direction. I’m assuming it’s something I’m missing.

Eric Feldhusen

My configuration is below. The TFTP server is at 192.168.1.11 and the Nginx reverse proxy is at 192.168.1.145. No firewalls on either server.

stream {
upstream staging_tftp_servers {
server 192.168.1.70:69;
}

server {
listen 69 udp; #udp
proxy_pass staging_tftp_servers;
error_log /var/log/nginx/tftp.log info;
}
}

I’m seeing these in the tftp.log

2017/03/06 14:34:44 [info] 32676#32676: *554 udp upstream disconnected, bytes from/to client:36/0, bytes from/to upstream:0/36
2017/03/06 14:34:46 [info] 32676#32676: *556 udp upstream disconnected, bytes from/to client:36/0, bytes from/to upstream:0/36
2017/03/06 14:34:47 [info] 32676#32676: *1439 udp client 10.1.0.14:2277 connected to 0.0.0.0:69
2017/03/06 14:34:47 [info] 32676#32676: *1439 udp proxy 192.168.1.145:37961 connected to 192.168.1.11:69
2017/03/06 14:34:48 [info] 32676#32676: *558 udp upstream disconnected, bytes from/to client:23/0, bytes from/to upstream:0/23
2017/03/06 14:34:48 [info] 32676#32676: *560 udp upstream disconnected, bytes from/to client:36/0, bytes from/to upstream:0/36
2017/03/06 14:34:49 [info] 32676#32676: *1441 udp client 10.1.0.15:1090 connected to 0.0.0.0:69
2017/03/06 14:34:49 [info] 32676#32676: *1441 udp proxy 192.168.1.145:38526 connected to 192.168.1.11:69
2017/03/06 14:34:50 [info] 32676#32676: *562 udp upstream disconnected, bytes from/to client:36/0, bytes from/to upstream:0/36
2017/03/06 14:34:53 [info] 32676#32676: *1443 udp client 10.1.0.14:2277 connected to 0.0.0.0:69
2017/03/06 14:34:53 [info] 32676#32676: *1443 udp proxy 192.168.1.145:38689 connected to 192.168.1.11:69
2017/03/06 14:34:56 [info] 32676#32676: *564 udp upstream disconnected, bytes from/to client:23/0, bytes from/to upstream:0/23
2017/03/06 14:34:56 [info] 32676#32676: *566 udp upstream disconnected, bytes from/to client:36/0, bytes from/to upstream:0/36
Eric Feldhusen
2017-03-07 22:54:49 UTC
Permalink
I’m trying to use Nginx to reverse proxy TFTP UDP port 69 traffic and
I”m having a problem with getting files through the nginx reverse proxy.
My configuration is simple, I’m running TFTP on one Centos 6.x server
and the Nginx reserve proxy on another Centos 6.x server with the latest
Nginx mainline 1.11.10 from the nginx.org <http://nginx.org> repository.
TFTP connections to the TFTP server directly work. Using the same
commands through the Nginx reverse proxy, connects, but will not
download or upload a file through it.
If you have any suggestions, I’d appreciate a nudge in the right
direction. I’m assuming it’s something I’m missing.
Eric Feldhusen
Unfortunately, TFTP will not work, because it requires
that after initial server's reply client will send packets
to the port, chosen by server (i.e. not 69. but some auto-assigned).
also, TFTP server recognizes clients by its source port and
it changes when a packet passes proxy - each packet is originating
from a new source port on proxy.
Ah, I had just started to look up specifically how TFTP connections work, so I hadn’t seen this yet, but that makes sense with what I was seeing.

Thank you for the quick reply, I appreciate it.

Eric Feldhusen
Eric Feldhusen
2017-03-09 13:08:22 UTC
Permalink
On Mar 7, 2017, at 4:58 PM, Vladimir Homutov <***@nginx.com> wrote:

On 08.03.2017 00:21, Eric Feldhusen wrote:

I’m trying to use Nginx to reverse proxy TFTP UDP port 69 traffic and
I”m having a problem with getting files through the nginx reverse proxy.

My configuration is simple, I’m running TFTP on one Centos 6.x server
and the Nginx reserve proxy on another Centos 6.x server with the latest
Nginx mainline 1.11.10 from the nginx.org <http://nginx.org> repository.

TFTP connections to the TFTP server directly work. Using the same
commands through the Nginx reverse proxy, connects, but will not
download or upload a file through it.

If you have any suggestions, I’d appreciate a nudge in the right
direction. I’m assuming it’s something I’m missing.

Eric Feldhusen


Unfortunately, TFTP will not work, because it requires
that after initial server's reply client will send packets
to the port, chosen by server (i.e. not 69. but some auto-assigned).
also, TFTP server recognizes clients by its source port and
it changes when a packet passes proxy - each packet is originating
from a new source port on proxy.


Ah, I had just started to look up specifically how TFTP connections work,
so I hadn’t seen this yet.

But that makes sense with what I was seeing. Thank you for the quick
reply, I appreciate it.

Eric Feldhusen

Loading...