Added some clarifications.
committer: Alexander Gozman <[email protected]> timestamp: Tue 2017-02-14 21:46:28 +0300 message: Native FTP relay: NAT and TPROXY interception fixes. diff: === modified file 'src/servers/FtpServer.cc' --- src/servers/FtpServer.cc 2017-01-01 00:14:42 +0000 +++ src/servers/FtpServer.cc 2017-02-14 18:46:28 +0000 @@ -1455,7 +1455,22 @@ // Use local IP address of the control connection as the source address // of the active data connection, or some clients will refuse to accept. - conn->setAddrs(clientConnection->local, cltAddr); + if (clientConnection->flags & COMM_TRANSPARENT) { + conn->setAddrs(clientConnection->local, cltAddr); + conn->flags |= COMM_TRANSPARENT; + } else { + // In case of NAT interception conn->local value is not set + // because the TCP stack will automatically pick correct source + // address for the data connection. We must only ensure that IP + // version matches client's address. + conn->local.setAnyAddr(); + + if (cltAddr.isIPv4()) + conn->local.setIPv4(); + + conn->remote = cltAddr; + } + // RFC 959 requires active FTP connections to originate from port 20 // but that would preclude us from supporting concurrent transfers! (XXX?) conn->local.port(0);
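Review bot: the else branch runs for every control connection that lacks COMM_TRANSPARENT, but its comment speaks only of NAT interception, and nothing in the condition checks for that case. An ordinary, non-intercepted FTP listener would also stop using clientConnection->local as the source address of the active data connection. The unchanged comment just above the hunk says some clients will refuse the connection when that address is not used, and on a multi-homed host the address the TCP stack picks may differ from the control connection's. Either test for the NAT interception case explicitly and keep the original `conn->setAddrs(clientConnection->local, cltAddr);` for the remaining connections, or extend the comment to say why letting the stack choose is safe for all non-TPROXY connections. The "Use local IP address of the control connection" comment should also be moved into, or reworded for, the branch it still describes. A smaller point: in the else branch `conn->local.setIPv4()` is called only when `cltAddr.isIPv4()` is true, so a one-line note on what family `setAnyAddr()` leaves behind for an IPv6 client would make the "IP version matches client's address" claim checkable from the code.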
