diff --git a/kubernetes/readme.md b/kubernetes/readme.md index 9cb1a8c..c3470e0 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -39,6 +39,18 @@ kubectl -n network apply -f route.yaml kubectl -n network apply -f service.yaml ``` +### CNI settings for the TFTP-Server + +Please notice the service configuration for the service: +- svc-pxboot +this is from **type: NodePort**. +This is important, because after a TFTP-client requests a file, +the TFTP-Server will initiate a new connection and send data back to the client over this new connection. +So you must configure your **CNI** to **not** use source nat (**SNAT**) for this connections ! +CNI configs: +- calico [SNAT-Config](https://docs.tigera.io/calico/latest/networking/configuring/workloads-outside-cluster) +- cilium [SNAT-Config](https://docs.cilium.io/en/stable/network/concepts/masquerading/) + ## Check if netboot.xyz is running ### Check Deployment, Service and Pod
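Review bot: In the new "CNI settings for the TFTP-Server" section, the instruction to configure the CNI to "**not** use source nat (**SNAT**) for this connections" does not say which traffic it covers, so a reader could end up disabling masquerading for the whole cluster. Suggest naming the scope explicitly: the data transfer the TFTP server opens back to the client. Suggest also recommending that the exemption be limited to the network the TFTP clients boot from, because wider SNAT exemptions put pod addresses on the wire outside the cluster. A one-line summary of the relevant setting next to each of the Calico and Cilium links would help, since the links alone leave the reader to work out what to change. The text also says NodePort "is important, because" the server initiates a new connection, but it does not explain how the service type relates to that behaviour; one sentence connecting the two would make the reasoning followable. Wording: "this is from **type: NodePort**" reads better as "it is of **type: NodePort**", "this connections !" should be "these connections.", and "source nat" should be "source NAT". It is also worth confirming that `svc-pxboot` matches the name used in service.yaml, which this hunk does not show.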