Re: tunneling & masq_app

To: wensong@xxxxxxxxxxxx, linux-virtualserver@xxxxxxxxxxxx
Subject: Re: tunneling & masq_app
Cc: peter.kese@xxxxxx
From: Peter Keše <peter.kese@xxxxxxxxxxxxxx>
Date: Thu, 11 Feb 1999 13:09:55 +0100 (MET)
Hi!

> Yeah, it should be possible. But, I think setting up an FTP Virtual
> Server doesn't need to reimplement part of the ip_masq_ftp.c code,
> because there is no relation, the tunneling host doesn't need to
> parse the PASV command in the ftp packets. You can ftp the tunneled 
> host, can't you? :-)

No, not really. I can connect to the ftp server (whichever is chosen
by the VS router), I can log on, send my password and set some options.
But when I want to transfer a file, the whole thing locks up.

What happens is the following:
Before each file transfer starts, the ftp client sends the ftp server
an IP address and IP port number on which the client (!) is listening.
This is done by the ftp 'PORT' command. Then the client requests a
file transfer. The server opens a tcp socket and connects it to the
IP address/port specified by the client. In other words, the server
connects to the client.

So in order to transfer a file, a completely new TCP connection is
created between server and client. This connection is called a DATA
connection. It is a different pair of ports, but the IP addresses
usually remain the same.

Of course the TCP packets sent by the server across the DATA
connection easily reach the client, but the TCP layer on the client
must also send some packets back to the server in response. When
such an IP packet arrives, it arrives at the VS router, which must
decide where to route those packets. The VS router does not know
what to do with those packets and simply lets them be handled by
the local host.

If I set up a local host VS configuration, each time the local host
(the VS router itself) is chosen to play the server role, the ftp
works fine. But when any other server is chosen, the connection
simply freezes whenever I send a GET/PUT/DIR command.

So I think if the 'PORT' commands would be intercepted by the router
and a proper masquerading entry inserted into the hash table, the
ftp server could work fine. Now this is the theory I would like to
prove and I wouldn't mind spending some time on it. But it would
make it much easier to let the ftp_masq_app reside in a module...

Any comments/ideas?

Cheers,
                          Peter
 

P.S. What is the situation with the 2.2.x kernels? Did anyone have
a peek at the 2.2.x masquerading code - does it differ a lot?
How much work would it take? Any candidates?
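The mechanism described in the mail (the client announces an address and port in PORT, the real server connects back to it, and the client's replies then reach the VS router with no entry to match them against) and the fix it proposes (intercept PORT on the control connection and insert an entry before the data connection exists) are modelled below as an added, self-contained user-space example. This is illustration code, not LVS or ip_masq_ftp.c; the table is a simplification keyed on the client's announced address/port only, with no timeouts and no removal, and the sample PORT line, addresses and real-server choice are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) \
    ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* Parse an FTP "PORT h1,h2,h3,h4,p1,p2" command (RFC 959) into the
 * address and port the client says it is listening on.  Returns 1 on
 * success, 0 if the line is not a well-formed PORT command. */
int parse_port_cmd(const char *line, uint32_t *ip, uint16_t *port)
{
    unsigned int h[4], p[2];
    int i;

    if (strncmp(line, "PORT ", 5) != 0)
        return 0;
    if (sscanf(line + 5, "%u,%u,%u,%u,%u,%u",
               &h[0], &h[1], &h[2], &h[3], &p[0], &p[1]) != 6)
        return 0;
    for (i = 0; i < 4; i++)
        if (h[i] > 255)
            return 0;
    if (p[0] > 255 || p[1] > 255)
        return 0;
    *ip = IP4(h[0], h[1], h[2], h[3]);
    *port = (uint16_t)(p[0] << 8 | p[1]);
    return 1;
}

/* One expected data connection.  Key: the client address/port announced
 * in PORT.  Value: the real server that owns the control connection, so
 * the client's replies on the data connection can be forwarded to it.
 * (Simplification: a real implementation keys on the whole flow and
 * expires entries.) */
struct expect_entry {
    uint32_t client_ip;
    uint16_t client_port;
    uint32_t real_server;
    int used;
};

#define EXPECT_SLOTS 64
static struct expect_entry expect_tab[EXPECT_SLOTS];

static unsigned int expect_hash(uint32_t ip, uint16_t port)
{
    return (ip ^ (ip >> 16) ^ port) % EXPECT_SLOTS;
}

/* Insert an entry (open addressing, linear probing).  Returns 1 on
 * success, 0 if the table is full. */
int expect_insert(uint32_t client_ip, uint16_t client_port, uint32_t real_server)
{
    unsigned int start = expect_hash(client_ip, client_port), n;
    for (n = 0; n < EXPECT_SLOTS; n++) {
        struct expect_entry *e = &expect_tab[(start + n) % EXPECT_SLOTS];
        if (!e->used) {
            e->client_ip = client_ip;
            e->client_port = client_port;
            e->real_server = real_server;
            e->used = 1;
            return 1;
        }
    }
    return 0;
}

/* Called for a packet arriving at the router from client_ip:client_port.
 * Returns the real server to forward it to, or 0 when no entry exists,
 * which is the situation in the mail: the router has nothing to match
 * and the packet stays with the local host. */
uint32_t expect_lookup(uint32_t client_ip, uint16_t client_port)
{
    unsigned int start = expect_hash(client_ip, client_port), n;
    for (n = 0; n < EXPECT_SLOTS; n++) {
        struct expect_entry *e = &expect_tab[(start + n) % EXPECT_SLOTS];
        if (!e->used)
            return 0;
        if (e->client_ip == client_ip && e->client_port == client_port)
            return e->real_server;
    }
    return 0;
}

/* Hook for each line the router sees on the control connection: if it is
 * a PORT command, pre-create the entry for the data connection the real
 * server is about to open.  Returns 1 if an entry was added. */
int handle_control_line(const char *line, uint32_t real_server)
{
    uint32_t ip;
    uint16_t port;

    if (!parse_port_cmd(line, &ip, &port))
        return 0;
    return expect_insert(ip, port, real_server);
}

int main(void)
{
    /* Constructed sample: client 192.168.1.10 announces port 1025
     * (4*256 + 1); its control connection was sent to real server 10.0.0.2. */
    const char *cmd = "PORT 192,168,1,10,4,1\r\n";
    uint32_t rs = IP4(10, 0, 0, 2);

    printf("before PORT: real server = %u\n", expect_lookup(IP4(192, 168, 1, 10), 1025));
    handle_control_line(cmd, rs);
    printf("after PORT:  real server = %u (want %u)\n",
           expect_lookup(IP4(192, 168, 1, 10), 1025), rs);
    return 0;
}
```

Before the PORT line is seen the lookup returns 0, which is the "freeze" case: the client's data-connection replies have no entry and never reach the real server. After the hook has processed the PORT line, the same lookup returns the real server chosen for the control connection, which is the entry the mail argues the router should insert.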



