
Author Topic: Allow TFTP service to run on CARP VIPs: $100  (Read 1654 times)


Offline gdi2k

« on: July 02, 2015, 11:00:49 pm »
We depend on a reliable TFTP service to boot diskless clients via PXE. We use the pfsense TFTP plugin for this purpose, which works well. We also use CARP to failover to a second pfsense box in the event of a failure. We would like for the TFTP service to also failover to the second pfsense box in a failure event.

However, if we point PXE clients to the LAN CARP VIP, they fail to boot (time out). We have to point them at one or the other real pfsense IP for them to boot. This means that we have to manually reconfigure DHCP service to point booting clients to the secondary pfsense IP in the event of a failure.

We would like to be able to select CARP VIPs as well as real IPs in the TFTP service user interface (/tftp_files.php). An example of this sort of network interface selection list can be seen on the unbound user interface (/services_unbound.php).

I would happily offer $100 for this functionality.

Offline jimp

« Reply #1 on: July 06, 2015, 01:42:35 pm »
That may be difficult/impossible to pull off. The tftpd binary doesn't appear to have a way to bind to a specific IP address and changing inetd to only bind to specific IP addresses may have other unintended negative effects.