ftp-proxy -S option
chris scott
chris.scott at uk.tiscali.com
Sat Feb 24 19:58:49 UTC 2007
Hi all,
I'm having a few issues with ftp-proxy. Specifically the -S switch.
First a bit of background. I am trying to get my ftp connections to
spread reasonably evenly over multiple public ip addresses to a specific
server. Im not going into the reasons why as its not really relevant.
The way I am doing this is to run multiple instances of ftp-proxy on
mulitple loopback addresses. I am getting them to use a difference
source address for their data connections. e.g.
rdr on $int_if proto tcp from any to y.y.y.y port ftp -> {127.0.0.1,
127.0.0.2, 127.0.0.3 } port 8021 round-robin
eg my xinetd conf
service ftp-proxy
{
socket_type = stream
protocol = tcp
wait = no
bind = 127.0.0.1
user = root
server = /usr/libexec/ftp-proxy
server_args = -S x.x.x.90 #-S x.x.x.90 -D 4
}
service ftp-proxy
{
socket_type = stream
protocol = tcp
wait = no
user = root
bind = 127.0.0.2
server = /usr/libexec/ftp-proxy
server_args = -S x.x.x..92 # -S x.x.x.92 -D 4
}
service ftp-proxy
{
socket_type = stream
protocol = tcp
wait = no
bind = 127.0.0.3
user = root
server = /usr/libexec/ftp-proxy
server_args = -S x.x.x.93 #-S x.x.x.93 -D 4
}
the firewall bit is working fine and balancing to connections across the
proxys
$ ps uaxw| grep ftp-prox
proxy 85292 0.4 0.1 1524 928 ?? Ss 7:14PM 0:05.78
ftp-proxy -S x.x.x.90
proxy 85281 0.3 0.1 1524 928 ?? Ss 7:13PM 0:06.57
ftp-proxy -S x.x.x.90
proxy 84903 0.3 0.1 1524 928 ?? Ss 7:00PM 0:15.81
ftp-proxy -S x.x.x.93
proxy 84785 0.2 0.1 1524 928 ?? Ss 6:59PM 0:16.75
ftp-proxy -S x.x.x.92
proxy 85282 0.1 0.1 1524 928 ?? Rs 7:13PM 0:06.08
ftp-proxy -S x.x.x.92
proxy 84426 0.0 0.1 1524 932 ?? Is 6:45PM 0:03.19
ftp-proxy -S x.x.x.92
proxy 84464 0.0 0.1 1524 932 ?? Is 6:46PM 0:02.28
ftp-proxy -S x.x.x.93
proxy 85283 0.0 0.1 1524 928 ?? Ss 7:13PM 0:06.70
ftp-proxy -S x.x.x.93
proxy 85293 0.0 0.1 1524 928 ?? Ss 7:14PM 0:05.77
ftp-proxy -S x.x.x.92
however the proxy never binds to the correct address. Just the 1st
address on the interface.
$ sockstat | grep ftp-p | grep 212
proxy ftp-proxy 85616 4 tcp4 x.x.x.90:52626 y.y.y.y:21
proxy ftp-proxy 85616 5 tcp4 x.x.x.90:56106 y.y.y.y:52709
proxy ftp-proxy 85615 4 tcp4 x.x.x.90:58237 y.y.y.y:21
proxy ftp-proxy 85615 5 tcp4 x.x.x.90:53315 y.y.y.y:49947
proxy ftp-proxy 85614 4 tcp4 x.x.x.90:56103 y.y.y.y:21
proxy ftp-proxy 85614 5 tcp4 x.x.x.90:56914 y.y.y.y:50567
proxy ftp-proxy 85606 4 tcp4 x.x.x.90:53223 y.y.y.y:21
proxy ftp-proxy 85606 5 tcp4 x.x.x.90:55990 y.y.y.y:56187
proxy ftp-proxy 85605 4 tcp4 x.x.x.90:64966 y.y.y.y:21
proxy ftp-proxy 85605 5 tcp4 x.x.x.90:65267 y.y.y.y:62529
proxy ftp-proxy 85558 4 tcp4 x.x.x.90:58623 y.y.y.y:21
proxy ftp-proxy 85558 5 tcp4 x.x.x.90:54959 y.y.y.y:61487
proxy ftp-proxy 84903 4 tcp4 x.x.x.90:51710 y.y.y.y:21
proxy ftp-proxy 84903 5 tcp4 x.x.x.90:50683 y.y.y.y:59277
proxy ftp-proxy 84785 4 tcp4 x.x.x.90:53081 y.y.y.y:21
proxy ftp-proxy 84785 5 tcp4 x.x.x.90:49415 y.y.y.y:57069
proxy ftp-proxy 84464 4 tcp4 x.x.x.90:54277 y.y.y.y:21
proxy ftp-proxy 84426 4 tcp4 x.x.x.90:63585 y.y.y.y:21
Can anyone shed any light. I have tried the -s swich and that just bombs
the proxy completely as does using both of them together.
k
More information about the freebsd-pf
mailing list