From: chris scott
Date: Sat, 24 Feb 2007 19:29:08 +0000
To: freebsd-pf@freebsd.org
Subject: ftp-proxy -S option
Message-ID: <45E09204.70500@uk.tiscali.com>

Hi all,

I'm having a few issues with ftp-proxy. Specifically the -S switch.

First a bit of background. I am trying to get my ftp connections to spread reasonably evenly over multiple public ip addresses to a specific server. I'm not going into the reasons why as it's not really relevant.

The way I am doing this is to run multiple instances of ftp-proxy on multiple loopback addresses. I am getting them to use a different source address for their data connections.

e.g.

    rdr on $int_if proto tcp from any to y.y.y.y port ftp -> {127.0.0.1, 127.0.0.2, 127.0.0.3 } port 8021 round-robin

e.g. my xinetd conf

    service ftp-proxy
    {
            socket_type = stream
            protocol = tcp
            wait = no
            bind = 127.0.0.1
            user = root
            server = /usr/libexec/ftp-proxy
            server_args = -S x.x.x.90
            #-S x.x.x.90 -D 4
    }

    service ftp-proxy
    {
            socket_type = stream
            protocol = tcp
            wait = no
            user = root
            bind = 127.0.0.2
            server = /usr/libexec/ftp-proxy
            server_args = -S x.x.x.92
            # -S x.x.x.92 -D 4
    }

    service ftp-proxy
    {
            socket_type = stream
            protocol = tcp
            wait = no
            bind = 127.0.0.3
            user = root
            server = /usr/libexec/ftp-proxy
            server_args = -S x.x.x.93
            #-S x.x.x.93 -D 4
    }

The firewall bit is working fine and balancing the connections across the proxies.

    $ ps uaxw| grep ftp-prox
    proxy 85292 0.4 0.1 1524 928 ?? Ss 7:14PM 0:05.78 ftp-proxy -S x.x.x.90
    proxy 85281 0.3 0.1 1524 928 ?? Ss 7:13PM 0:06.57 ftp-proxy -S x.x.x.90
    proxy 84903 0.3 0.1 1524 928 ?? Ss 7:00PM 0:15.81 ftp-proxy -S x.x.x.93
    proxy 84785 0.2 0.1 1524 928 ?? Ss 6:59PM 0:16.75 ftp-proxy -S x.x.x.92
    proxy 85282 0.1 0.1 1524 928 ?? Rs 7:13PM 0:06.08 ftp-proxy -S x.x.x.92
    proxy 84426 0.0 0.1 1524 932 ?? Is 6:45PM 0:03.19 ftp-proxy -S x.x.x.92
    proxy 84464 0.0 0.1 1524 932 ?? Is 6:46PM 0:02.28 ftp-proxy -S x.x.x.93
    proxy 85283 0.0 0.1 1524 928 ?? Ss 7:13PM 0:06.70 ftp-proxy -S x.x.x.93
    proxy 85293 0.0 0.1 1524 928 ?? Ss 7:14PM 0:05.77 ftp-proxy -S x.x.x.92

However, the proxy never binds to the correct address, just the 1st address on the interface.

    $ sockstat | grep ftp-p | grep 212
    proxy ftp-proxy 85616 4 tcp4 x.x.x.90:52626 y.y.y.y:21
    proxy ftp-proxy 85616 5 tcp4 x.x.x.90:56106 y.y.y.y:52709
    proxy ftp-proxy 85615 4 tcp4 x.x.x.90:58237 y.y.y.y:21
    proxy ftp-proxy 85615 5 tcp4 x.x.x.90:53315 y.y.y.y:49947
    proxy ftp-proxy 85614 4 tcp4 x.x.x.90:56103 y.y.y.y:21
    proxy ftp-proxy 85614 5 tcp4 x.x.x.90:56914 y.y.y.y:50567
    proxy ftp-proxy 85606 4 tcp4 x.x.x.90:53223 y.y.y.y:21
    proxy ftp-proxy 85606 5 tcp4 x.x.x.90:55990 y.y.y.y:56187
    proxy ftp-proxy 85605 4 tcp4 x.x.x.90:64966 y.y.y.y:21
    proxy ftp-proxy 85605 5 tcp4 x.x.x.90:65267 y.y.y.y:62529
    proxy ftp-proxy 85558 4 tcp4 x.x.x.90:58623 y.y.y.y:21
    proxy ftp-proxy 85558 5 tcp4 x.x.x.90:54959 y.y.y.y:61487
    proxy ftp-proxy 84903 4 tcp4 x.x.x.90:51710 y.y.y.y:21
    proxy ftp-proxy 84903 5 tcp4 x.x.x.90:50683 y.y.y.y:59277
    proxy ftp-proxy 84785 4 tcp4 x.x.x.90:53081 y.y.y.y:21
    proxy ftp-proxy 84785 5 tcp4 x.x.x.90:49415 y.y.y.y:57069
    proxy ftp-proxy 84464 4 tcp4 x.x.x.90:54277 y.y.y.y:21
    proxy ftp-proxy 84426 4 tcp4 x.x.x.90:63585 y.y.y.y:21

Can anyone shed any light? I have tried the -s switch and that just bombs the proxy completely, as does using both of them together.

k
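
A check that joins the ps and sockstat listings from the message, added here as an example and not part of the original post: it maps each ftp-proxy PID to its -S address and lists the server-side sockets whose local address differs. The sample lines are constructed, with 192.0.2.x standing in for the masked x.x.x.N addresses and 198.51.100.10 for y.y.y.y; the function names are hypothetical, and skipping 127.x sockets as client-facing is an assumption.

```python
import re

# Constructed sample input modelled on the ps and sockstat output in the post.
# 192.0.2.x stands in for the masked x.x.x.N proxy addresses and
# 198.51.100.10 for the masked y.y.y.y server (documentation ranges).
PS_SAMPLE = """\
proxy 84903 0.3 0.1 1524 928 ?? Ss 7:00PM 0:15.81 ftp-proxy -S 192.0.2.93
proxy 84785 0.2 0.1 1524 928 ?? Ss 6:59PM 0:16.75 ftp-proxy -S 192.0.2.92
proxy 85292 0.4 0.1 1524 928 ?? Ss 7:14PM 0:05.78 ftp-proxy -S 192.0.2.90
"""
SOCKSTAT_SAMPLE = """\
proxy ftp-proxy 84903 4 tcp4 192.0.2.90:51710 198.51.100.10:21
proxy ftp-proxy 84903 5 tcp4 192.0.2.90:50683 198.51.100.10:59277
proxy ftp-proxy 84785 4 tcp4 192.0.2.90:53081 198.51.100.10:21
proxy ftp-proxy 85292 4 tcp4 192.0.2.90:52626 198.51.100.10:21
"""

def expected_sources(ps_text):
    """Map PID -> address given to -S, from `ps uaxw` lines."""
    out = {}
    for line in ps_text.splitlines():
        f = line.split()
        m = re.search(r"\bftp-proxy\b.*?-S\s+(\S+)", line)
        if m and len(f) > 1 and f[1].isdigit():
            out[int(f[1])] = m.group(1)
    return out

def mismatches(ps_text, sockstat_text):
    """Return (pid, expected, actual_local, remote) for each server-side
    ftp-proxy socket whose local address is not the -S address."""
    want = expected_sources(ps_text)
    bad = []
    for line in sockstat_text.splitlines():
        f = line.split()
        # sockstat columns: USER COMMAND PID FD PROTO LOCAL FOREIGN
        if len(f) < 7 or f[1] != "ftp-proxy" or not f[2].isdigit():
            continue
        pid, local, remote = int(f[2]), f[5], f[6]
        local_ip = local.rsplit(":", 1)[0]
        if local_ip.startswith("127.") or pid not in want:
            continue  # assumed client-facing loopback socket, or no -S known
        if local_ip != want[pid]:
            bad.append((pid, want[pid], local_ip, remote))
    return bad

if __name__ == "__main__":
    for pid, exp, got, remote in mismatches(PS_SAMPLE, SOCKSTAT_SAMPLE):
        print(f"pid {pid}: -S {exp} but connected from {got} to {remote}")
```

On a live host the two strings would be the captured output of ps uaxw and sockstat; an empty result means every proxy socket uses the source address it was started with.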