[tproxy] Problem with tproxy and active-FTP

tomerl lekach tomer.lekach at gmail.com
Wed Aug 24 13:19:02 CEST 2005


Hello all,

I'm using tproxy for a transparent active FTP proxy application.
Clients use active-ftp towards the server, so my proxy gets "active"
data connections initiated by the server from source port 20
(ftp-data) destined to the client to some high destination port.

My application is using iptables (v1.2.8) rules to forward the
incoming packets into an internal IP/Port used by the application.
Then the application initiates a new connection to the client, using
the same IP/Port of the connection coming from the FTP server.

I face a problem that after a number of such successful connections
with the right NAT, I see SYN packets leaving towards the client with
an "internal" source Port, instead of source port 20 (as was used by
the server).

I'm using 2.4.18-24.8.0 linux kernel version, and the tproxy patch of 
2.4.21-23 (cttproxy-2.4.21-23.tar.gz).

Did you ever see such behavior and do you know how this can be fixed?

Thanks in advance,

Tomer.


More information about the tproxy mailing list