Re: outbound nat problem

[Rob Ruth <rruth@xxxxxxxxxxx>]

I didn't know I referred to VIP as something else.

When connecting via ftp to the VIP from a client on the same subent w/ 
ip_vs_ftp enable I get the passive mode message displaying the RIP and 
no directory listing (long stall and eventual timeout). When ip_vs_ftp 
is disabled I get the passive mode message w/ the VIP but a "connection 
refused" when I try and list the directory.
I am currently running CentOS 3.5 and will try 4.2 w/ the 2.6 kernel to 
see if I get better results.
Joseph Mack NA3T wrote:

> On Wed, 7 Dec 2005, Rob Ruth wrote:
>
> > lvs public ip - 172.16.123.24 (dmz)
> > lvs private ip - 10.0.0.252 (lan)
> > virtual ip  - 172.16.123.25 (dmz)
> > real server - 10.0.0.95 (lan)
> > public (routable) ip - 198.x.x.x (wan)
> >
> > I have two layers of nat. Firewall to lvs (wan -> dmz) and lvs to 
> > real server (dmz -> lan). The public IP is nat'd to the vip on my 
> > firewall.
> > Without ip_vs_ftp the passive mode message is displaying the publicly 
> > routable address (198.x.x.x). When I load ip_vs_ftp the message shows 
> > the vip which is on a private dmz (172.16.123.25).
>
> Figuring out what you've got it more that you can expect us to deal 
> with. How about you use our lingo? The address you connect to on the 
> director is the VIP. The address on the outside of the firewall is the 
> address on the outside of the firewall and should not be a part of this.
> Is the problem on the director or the firewall and what is the problem?
>
>
> Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml Homepage 
> http://www.austintek.com/ It's GNU/Linux!
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users