|
On Sat, 26 Nov 2005, Joseph Mack NA3T wrote:
> On Fri, 25 Nov 2005, Mark de Vries wrote:
>
> > I don't think that would help much. The src port is not always the same.
> > vsftpd (prolly) just connects without binding to a specific port, just
> > getting a random one in the ip_local_port_range...
>
> so I only need to put in a note of caution in the HOWTO?
Yeah, I think it may be worth a mention. Perhaps also mention how you can
work around the problem and get it working with some SNAT iptable rules...
(As mentioned by Greame(?) IIRC.) I implemented this and now things are
working fine.
> > Is there anything against not matching on the src port like the
> > ip_contrack(_ftp) stuff?
>
> you mean figure out the data-port on the fly?
Exactly. The same thing is done for passive FTP where the port the client
connects from is also unknown, and only filled in when it actually
connects.
I've looked at the code but it's a bit too much for me to grasp in short
time... But from what I do (think I) understand it seems that implementing
this for the active case is more than trivial.
Is there any documentation targeted at developers/hackers other than the
code itself? Figuring out how it all fits together from just reading the
src is verry time consuming (for me at least) and time is something I have
little to spare...
Grds,
Mark.
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
Regards,
Mark
|
