Hello all, I'm using tproxy for a transparent active FTP proxy application. Clients use active-ftp towards the server, so my proxy gets "active" data connections initiated by the server from source port 20 (ftp-data) destined to the client to some high destination port. My application is using iptables (v1.2.8) rules to forward the incoming packets into an internal IP/Port used by the application. Then the application initiates a new connection to the client, using the same IP/Port of the connection coming from the FTP server. I face a problem that after a number of such successful connections with the right NAT, I see SYN packets leaving towards the client with an "internal" source Port, instead of source port 20 (as was used by the server). I'm using 2.4.18-24.8.0 linux kernel version, and the tproxy patch of 2.4.21-23 (cttproxy-2.4.21-23.tar.gz). Did you ever see such behavior and do you know how this can be fixed? Thanks in advance, Tomer.