|
Hi,
OK. I should take a step back here and ask some questions first.
I upgraded kernel from 2.2.12-20 to 2.2.19 and applied the ipvs patch.
I had to switch back to older version because, the new ipvs was
not behaving correctly. More to the point ftp wasn't working
for some users. Looking at the patch for ipvs that comes with
2.2.18 and 2.2.12-20 I see lines like:
#ifdef CONFIG_IP_MASQUERADE_VS
magic code goes here
#endif
The ipvs patch for 2.2.19 doesn't make any changes
to the ip_masq_ftp module. So I ported forwarded
the changes from 2.2.18 to 2.2.19 and all seems to
work again.
modprobe ip_masq_ftp in_ports=21
What was broken before being patched...
this line was being called in masq_ftp_in
n_ms = ip_masq_new(IPPROTO_TCP,
maddr, 0,
htonl(from), htons(port),
iph->daddr, 0,
IP_MASQ_F_NO_DPORT);
The 0 there for port allows the ip_masq_new call to allocate a new
port number. And thats the behaviour I was seing. During on ls -R with
ftp client,
, the client machine would should the data-ftp port being connected
on port 60000+ and not port 20.( at least thats what netstat says) With
the patch, it
does connect on port 20.
Of note also is if I don't supply the in_ports argument, the ipaddress is
the NAT-machine and not the VIP.
Quite likely I am way off here...
I guess my main question is what changed between 2.2.18
and 2.2.19 that meant that the ipvs patch doesn't alter the ip_masq_ftp
module any more?
Thanks,
Tony.
now go easy on me
|
