2011/2/25 Krzysztof Olędzki <[email protected]>: > Proxing FTP is much more complicated than simply providing one additional > command for passing client's IP address. > > Please note that FTP is based on two independent TCP connections: control > and data. You need to analyze a control stream and modify on-fly data (port > numbers and ip addresses) and set up additional sockets and initiate > additional connections to handle data stream. To do this you also need to > handle both PASV/EPSV (passive) and PORT/EPRT (active) modes. > > It is of course doable but the amount of work is quite big. I even was > recently asked to implement such function as a sponsored feature. After a > short conversation with my possible employer we decided that it would took > too much time to be profitable and cost effective. Instead another solution > was chosen - LVS DR.
I have all of that figured out. I simply would like to have the client's IP address. I only use HAProxy for the command channel. Data channel is handled simply by choosing a different PASV port range for each backend server, and NATing the right range to the right server. Outbound Active connections are similarly S-NAT'd to the appropriate outbound address. I just want the last piece of the puzzle. As always, in parallel I am building a mainline kernel 2.6.37.2, while I am investigating other options.
