<div dir="auto"><div>No, there is need to respond exact from the same port which get an request.</div><div dir="auto">There is no way to configure firewall and use tftp-helper in Kubernetes, it's environments is very dynamic and might use different backends, eg ipvs and iptables.</div><div dir="auto"><br></div><div dir="auto">Please read this issue for more information:</div><div dir="auto"><a href="https://github.com/kubernetes/kubernetes/issues/26718">https://github.com/kubernetes/kubernetes/issues/26718</a><br></div><div dir="auto"><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Tue, Dec 31, 2019, 07:20 john doe <<a href="mailto:johndoe65534@mail.com">johndoe65534@mail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 12/30/2019 6:34 PM, kvaps wrote:<br>
> On Mon, Dec 30, 2019 at 2:42 PM john doe <<a href="mailto:johndoe65534@mail.com" target="_blank" rel="noreferrer">johndoe65534@mail.com</a>> wrote:<br>
><br>
>> Isn't the below flag what you want from (1):<br>
>><br>
>> "--tftp-port-range=<start>,<end><br>
>> A TFTP server listens on a well-known port (69) for connection<br>
>> initiation, but it also uses a dynamically-allocated port for each<br>
>> connection. Normally these are allocated by the OS, but this option<br>
>> specifies a range of ports for use by TFTP transfers. This can be useful<br>
>> when TFTP has to traverse a firewall. The start of the range cannot be<br>
>> lower than 1025 unless dnsmasq is running as root. The number of<br>
>> concurrent TFTP connections is limited by the size of the port range."<br>
>><br>
>><br>
>> 1) <a href="http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html" rel="noreferrer noreferrer" target="_blank">http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html</a><br>
>><br>
>> --<br>
>> John Doe<br>
>><br>
><br>
> Hi John,<br>
><br>
> Unfrtunately it isn't working correctly:<br>
><br>
> if I run dnsmasq with static port range:<br>
><br>
> dnsmasq -d --enable-tftp --tftp-port-range=69,69<br>
><br>
> It reports an error:<br>
><br>
> dnsmasq-tftp: unable to get free port for TFTP<br>
><br>
> when I tries to download any file<br>
><br>
<br>
You can not specify 69 here, with the current implimentation, you need<br>
to open an other port for TFTP transfer.<br>
<br>
Can't you open two ports?<br>
<br>
Have you considered using a TFTP helper in your Firewall?<br>
<br>
--<br>
John Doe<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank" rel="noreferrer">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div></div></div>