[Dnsmasq-discuss] Single-port mode for TFTP

Kurt H Maier khm at sciops.net
Tue Dec 31 07:45:22 GMT 2019

On Mon, Dec 30, 2019 at 12:51:30PM +0100, kvaps wrote:
> Note that Kubernetes uses NAT for external services, so it's not possible
> to run TFTP-server for external clients there. There is one proposed
> solution for that, it suggests moving away from the RFC and implement
> --single-port option for always reply from the same port which was   
> requested by the client.
That approach is dangerously broken.  The transfer IDs and the ports are
supposed to match; ramming everything over a single port is going to    
break down when you have a lot of transfers happening simultaneously.
If you need this kind of functionality in Kubernetes you're much better
off using a different CNI plugin to manage your networking.  There's no
inherent NAT requirement imposed by Kubernetes itself.

More information about the Dnsmasq-discuss mailing list