[tproxy] Problem with tproxy and active-FTP
tomerl lekach
tomer.lekach at gmail.com
Wed Aug 24 13:19:02 CEST 2005
Hello all,

I'm using tproxy for a transparent active FTP proxy application.
Clients use active-ftp towards the server, so my proxy gets "active"
data connections initiated by the server from source port 20
(ftp-data) destined to the client to some high destination port.

My application is using iptables (v1.2.8) rules to forward the
incoming packets into an internal IP/port used by the application.
Then the application initiates a new connection to the client, using
the same IP/port of the connection coming from the FTP server.

I face a problem: after a number of such successful connections
with the right NAT, I see SYN packets leaving towards the client with
an "internal" source port, instead of source port 20 (as was used by
the server).

I'm using Linux kernel version 2.4.18-24.8.0, and the tproxy patch of
2.4.21-23 (cttproxy-2.4.21-23.tar.gz).

Did you ever see such behavior, and do you know how this can be fixed?

Thanks in advance,
Tomer.