TFTP sending wrong IP address

[derdeagle]

I currently face the issue where the TFTP server seems to answer with the wrong IP address (from Docker). I am using the default docker-compose.yml file.

10.10.0.103 is my client, 10.10.3.6 is the next-server and 192.168.192.2 is the IP address of the Docker container running netboot.xyz.
The following is the tcpdump output on the host machine (where Docker is **running).

11:53:56.340862 IP 10.10.0.103.1024 > 10.10.3.6.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:56.340922 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:56.340926 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:56.723268 IP 10.10.0.103.1024 > 10.10.3.6.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:56.723308 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:56.723315 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:57.492147 IP 10.10.0.103.1024 > 10.10.3.6.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:57.492206 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:57.492214 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:59.029670 IP 10.10.0.103.1024 > 10.10.3.6.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:59.029734 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:53:59.029743 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:54:02.106092 IP 10.10.0.103.1024 > 10.10.3.6.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:54:02.106157 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
11:54:02.106164 IP 10.10.0.103.1024 > 192.168.192.2.69:  46 RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0

The following is the tcpdump output on docker container itself (please don't mind the time offset).

10:53:56.340927 eth0  In  IP 10.10.0.103.1024 > 192.168.192.2.69: TFTP, length 46, RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
10:53:56.723316 eth0  In  IP 10.10.0.103.1024 > 192.168.192.2.69: TFTP, length 46, RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
10:53:57.492217 eth0  In  IP 10.10.0.103.1024 > 192.168.192.2.69: TFTP, length 46, RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
10:53:59.029745 eth0  In  IP 10.10.0.103.1024 > 192.168.192.2.69: TFTP, length 46, RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0
10:54:02.106165 eth0  In  IP 10.10.0.103.1024 > 192.168.192.2.69: TFTP, length 46, RRQ "netboot.xyz.kpxe" octet blksize 1432 tsize 0

I tried running the Docker container with network_mode: host which leads to the fact that no Docker internal IP address is shown in the TCPdump output but it fails to start fully because of nginx (I have somehting running on port 80 on the hardware server so nginx cannot bind on it).

What do I need to configure in order to get this up and running?

[ikkemaniac]

I see this too, pretty logical as well as the docker container is only ware of its internal nic's if you're not in network_mode: host

That having said; no further/other configuration is need to get this up and running. As long as you fwd port 69/udp you can serve your LAN.

[dezeroku]

I've had similar experience when trying to run netbooxyz containerized without host networking.
The issue here seems to be that TFTP protocol, while accepting requests on port 69, can (should?) use (by the RFC) other ports to actually send the data.
This results in ReadReQuests to pass through to the container just ok, but NAT gets confused when container tries to open connections from other ports to the same host.

A fix for that is running TFTP server in a mode where only port 69 is used for both commands and data.
While this isn't strictly RFC compliant it should work with most clients.
PR adding such capability: #55
With this in place you'd have to set env variable TFTPD_OPTS='--tftp-single-port' and it should work.