On 2011-02-25 18:29, Ben Timby wrote:
First of all, sorry for the previous list spam. I pasted the wrong
address while subscribing.
I am setting up FTP load balancing using HAProxy. The rub is that I
want something similar to the X-Forwarded-For header supported in
HTTP.
I am aware of TPROXY, but I don't wish to maintain my own packages for
the kernel, xen and all the dependencies this entails.
TPROXY is now included in the mainline. Howevwe, I'm not sure if it is
the solution you are interested in.
A simpler user-space solution would suit me much better. I would like
to patch HAProxy so that it provides specialized FTP handling in the
form of an FTP SITE command. Such that when optionally enabled, it
will inject the following FTP command at the beginning of the TCP
stream.
SITE IP=XXX.XXX.XXX.XXX
My backend FTP server will know how to deal with this site command and
store the IP address for use internally.
This would negate the need for TPROXY and seems fairly
straightforward. Any feedback or thoughts on this topic?
Proxing FTP is much more complicated than simply providing one
additional command for passing client's IP address.
Please note that FTP is based on two independent TCP connections:
control and data. You need to analyze a control stream and modify on-fly
data (port numbers and ip addresses) and set up additional sockets and
initiate additional connections to handle data stream. To do this you
also need to handle both PASV/EPSV (passive) and PORT/EPRT (active) modes.
It is of course doable but the amount of work is quite big. I even was
recently asked to implement such function as a sponsored feature. After
a short conversation with my possible employer we decided that it would
took too much time to be profitable and cost effective. Instead another
solution was chosen - LVS DR.
Best regards,
Krzysztof Olędzki
