Active ftp w/ lvs NAT broken?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Active ftp w/ lvs NAT broken?
From: Mark de Vries <markdv.lvsuser@xxxxxxxxxx>
Date: Tue, 22 Nov 2005 13:42:03 +0100 (CET)

I have a little setup where I balance multiple FTP services behind a pair of
ip_vs loadbalancers. Each box has its own public IP and there are 6 or so
VIPs/aliases that are on whichever box is the active balancer. FTP
services are balanced to two hosts with lvs-NAT.

Now I've noticed that active FTP is broken. On the client side I can see
that the ftp-data connection is coming from the IP of the loadbalancer
instead of the VIP I made the initial connection to.

I have:

Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  IP1:80 wlc persistent 1800
  ->              Masq    10     0          0
  ->              Masq    10     0          0
TCP  IP2:80 wlc
  ->            Masq    10     3          8
  ->            Masq    10     1          12
  ->            Masq    10     2          10
TCP  IP3:21 wlc
  ->              Masq    10     15         62
  ->              Masq    10     16         53
TCP  IP4:21 wlc persistent 1800
  ->              Masq    10     0          0
  ->              Masq    10     0          0
TCP  IP5:21 wlc persistent 1800
  ->              Masq    10     0          0
  ->              Masq    10     0          0

When I connect to IP3:ftp everything works fine until I initiate a data
transfer. On the client I see an incoming connection from IP0 (the
primary IP of the balancer which has no virtual services) which is refused
by the client because it comes from the wrong IP.

Passive ftp works fine.

The kernel version is The ip_vs_ftp module is loaded (and also
tried with and without ip_conntrack_ftp)... And I don't know where to look
for the problem.

Any help welcome! :)

