LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

RE: lvs-NAT ftp (Kernel 2.4.19)

from [Tim Cronin] [Permanent Link]
To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: lvs-NAT ftp (Kernel 2.4.19)
From: Tim Cronin <tim@xxxxxxxxxxxxxxx>
Date: Thu, 24 Oct 2002 10:52:31 -0500 
sorry... I put my response under Rutgers...

one thing I noticed in the logs yesterday was this

conntrack_ftp: partial 227  2360695412+34


-----Original Message-----
From: Rutger van Oosten [mailto:R.vanOosten@xxxxxxxxxxx]
Sent: Thursday, October 24, 2002 10:34 AM
To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
Subject: RE: lvs-NAT ftp (Kernel 2.4.19)

That's what amazed me too..  But it DOES intercept the outgoing pasv
packets, as you can see in ip_vs_ftp.c:


/*
 * Look at outgoing ftp packets to catch the response to a PASV command
 * from the server (inside-to-outside).
 * When we see one, we build a connection entry with the client address,
 * client port 0 (unknown at the moment), the server address and the
 * server port.  Mark the current connection entry as a control channel
 * of the new entry. All this work is just to make the data connection
 * can be scheduled to the right server later.
 *
 * The outgoing packet should be something like
 *   "227 Entering Passive Mode (xxx,xxx,xxx,xxx,ppp,ppp)".
 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
 */
static int ip_vs_ftp_out(struct ip_vs_app *vapp,
                         struct ip_vs_conn *cp, struct sk_buff *skb)

...


Rutger

-----Original Message-----
From: Joseph Mack [mailto:mack.joseph@xxxxxxx]
Sent: Thursday, 24 October 2002 17:26
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: lvs-NAT ftp (Kernel 2.4.19)


Rutger van Oosten wrote:
> 
> For me it only works if the ftpd reports the RIP in response to a PASV ftp
> command. It most definately does not work if i set it to report the VIP
> instead.

I wouldn't have expected that. The IP that the ftpd is listening
on is in the payload of the packet, not the header, so the 
director won't change it.

Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor 
to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users


BenQ. "Bringing Enjoyment 'N Quality to Life". Enjoyment Matters.

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  lvs and PCAnywhere, Tim Cronin
Next by Date:  (no subject), lvs-users
Previous by Thread:  RE: lvs-NAT ftp (Kernel 2.4.19), Tim Cronin
Next by Thread:  RE: lvs-NAT ftp (Kernel 2.4.19), Rutger van Oosten
Indexes:  [Date] [Thread] [Top] [All Lists]