[Dnsmasq-discuss] Single-port mode for TFTP
Kurt H Maier
khm at sciops.net
Tue Dec 31 07:45:22 GMT 2019
On Mon, Dec 30, 2019 at 12:51:30PM +0100, kvaps wrote:
> Note that Kubernetes uses NAT for external services, so it's not possible
> to run TFTP-server for external clients there. There is one proposed
> solution for that, it suggests moving away from the RFC and implement
> --single-port option for always reply from the same port which was
> requested by the client.
That approach is dangerously broken. The transfer IDs and the ports are
supposed to match; ramming everything over a single port is going to
break down when you have a lot of transfers happening simultaneously.
If you need this kind of functionality in Kubernetes you're much better
off using a different CNI plugin to manage your networking. There's no
inherent NAT requirement imposed by Kubernetes itself.
More information about the Dnsmasq-discuss