RE: ip_masq_ftp 2.2.19

To:	Jeremy Kusnetz <JKusnetz@xxxxxxxx>
Subject:	RE: ip_masq_ftp 2.2.19
Cc:	<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From:	Julian Anastasov <ja@xxxxxx>
Date:	Tue, 12 Jun 2001 00:01:41 +0000 (GMT)

        Hello,

On Mon, 11 Jun 2001, Jeremy Kusnetz wrote:

> Internet
> -----------------
> |Good FTP Client|-----------------|
> -----------------                 |
>                                   |
>            | ------------------|  |
> ----------------------------------------------
> Work Lan   |       | LVS Lan      |
> ----------------   |        ---------------
> | Work Firewall|   |        |LVS/IP_MASQ  |
> ----------------   |        | VIP         |
>            |       |        ---------------
> -----------------  |              |
> | Bad FTP client|  |       ------------------
> -----------------  |       | RIP, FTP Server|--
>                            ------------------  |
>                               |----------------|
> Does this make any sense?

        Sorry, I can't understand very well the setup. It looks ambigous.
I can recommend you only the "mini-howto". I don't know for any other
problems related to the masq setups. May be I have to add there only
the info about setting conf/XXX/send_redirects to 0. But you know how
to use it already :)

client# ip route get VIP
real_server# ip route get CLIENT

        I think, with 3 tcpdumps it is very easy to find any problems.
The other alternative is filling diagrams with exact and full settings,
etc., etc :) Deeper problems need deeper setup explanation :) Don't
rely on the fact you know what are the actual settings. Check them all
again.

> The Good FTP client is any FTP client out there on the internet.  Both
> Active and Passive
> work.
>
> The Bad FTP client are FTP clients sitting behind a work firewall (NOT the
> LVS firewall).
> Active ftp times out and Passive ftp gets Connection Refused.
>
> The Bad FTP client worked fine with both Active and Passive FTP with Kernel
> 2.2.16 and LVS 0.9.15, so it seems to be some sort of interaction with
> ip_masq_ftp and the work firewall?

        Sorry, no. I don't know for such problems. May be the work
firewall can make problems, so if you can, start the ftp client from
the work firewall host, not behind it. Recommended for NAT firewalls.
Isolate the problem.

> I would leave everything with 2.2.16, but I need to upgrade for other
> non-LVS related reasons (ie NFS, client loses connection to NFS server, NFS
> server crashes.  Kind of takes away any advantage of having clusters/LVS..
> :-) ).

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: ip_masq_ftp 2.2.19, (continued) Re: ip_masq_ftp 2.2.19, Julian Anastasov patch for ldirectord to support master server, Alois Treindl Re: [Ultramonkey-devel] patch for ldirectord to support master server, Andreas J. Koenig Re: [Ultramonkey-devel] patch for ldirectord to support master server, Alois Treindl Re: ip_masq_ftp 2.2.19, Joseph Mack stupid question: can I access LVS http-server from director, Alois Treindl Re: stupid question: can I access LVS http-server from director, Paul Baker Re: stupid question: can I access LVS http-server from director, Alois Treindl Re: stupid question: can I access LVS http-server from director, Joseph Mack RE: ip_masq_ftp 2.2.19, Jeremy Kusnetz RE: ip_masq_ftp 2.2.19, Julian Anastasov <=

Previous by Date:	Re: stupid question: can I access LVS http-server from director, Joseph Mack
Next by Date:	Re: stupid question: can I access LVS http-server from director, Alois Treindl
Previous by Thread:	RE: ip_masq_ftp 2.2.19, Jeremy Kusnetz
Next by Thread:	RE: stupid question: can I access LVS http-server from director, Peter Mueller
Indexes:	[Date] [Thread] [Top] [All Lists]