On Fri, Feb 25, 2011 at 03:52:56PM -0500, Ben Timby wrote: > 2011/2/25 Krzysztof Ol??dzki <o...@ans.pl>: > > Proxing FTP is much more complicated than simply providing one additional > > command for passing client's IP address. > > > > Please note that FTP is based on two independent TCP connections: control > > and data. You need to analyze a control stream and modify on-fly data (port > > numbers and ip addresses) and set up additional sockets and initiate > > additional connections to handle data stream. To do this you also need to > > handle both PASV/EPSV (passive) and PORT/EPRT (active) modes. > > > > It is of course doable but the amount of work is quite big. I even was > > recently asked to implement such function as a sponsored feature. After a > > short conversation with my possible employer we decided that it would took > > too much time to be profitable and cost effective. Instead another solution > > was chosen - LVS DR. > > I have all of that figured out. I simply would like to have the > client's IP address. > > I only use HAProxy for the command channel. Data channel is handled > simply by choosing a different PASV port range for each backend > server, and NATing the right range to the right server. > > Outbound Active connections are similarly S-NAT'd to the appropriate > outbound address. > > I just want the last piece of the puzzle.
I must admit I'm not sure I really understand how your whole thing will work. Would you please show us the sequence of commands and exchanges you'd get between the client, haproxy and the server for both the command and data connection ? My point is simple : if this hack makes it possible to simply provide FTP load balancing to users who can't easily reconfigure routing, client or server settings, we could consider it. But if this only works in your own environment, you'd better have it as a specific patch, because we can't implement and support everyone's specific use case. Regards, Willy
