[lvs-users] FTP problem

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] FTP problem
From: Keith Edmunds <kae@xxxxxxxxxxxxxxx>
Date: Fri, 20 Feb 2009 16:35:19 +0000

I have a problem with FTP via a director server to a real server. I
realise I'm not the first, but I've Googled and read old mails from this
list to no avail.

Setup: two director servers giving access to two real servers. The
director servers pass FTP (and HTTP) connections as 'masq' to one or other
of the real servers. HTTP works without problem. For the purposes of
testing, one director and one real server have been disabled.

Problem: FTP access from the outside world ("office") to the VIP on the
director results in an FTP login prompt from the real server. The login is
successful. Issue an 'ls' command from the FTP client and the connection
hangs.

Analysis: a tcpdump from the director server shows the 'ls' command (as
"LIST") from the office IP to the director, and again from the director
to the real server (masqueraded, as expected). Next an ftp-data (port 20)
SYN is made from the real server to the director, and then from the
director to the office IP, again as expected. Finally, the office IP
responds with a SYN,ACK which is received by the director but never passed
on to the real server. The pattern then repeats, as expected, with the
real server sending SYNs and the office IP responding with SYN,ACKs but
the director server never passes the SYN,ACK to the real server.

On the director server:

# lsmod|grep ftp|awk '{print $1}'
nf_nat_tftp
nf_conntrack_tftp
nf_nat_ftp
nf_nat
nf_conntrack_ftp
nf_conntrack
ip_vs_ftp
ip_vs

I'm at a loss to understand why the director isn't passing the SYN,ACK
back to the real server.

Thanks.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
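
The capture pattern described in the message above, as an added example that is not part of the original post: a short Python check that compares what arrives on a NAT director's client-facing side with what leaves towards the real server and reports inbound segments that were never forwarded. The addresses, the interface labels `ext`/`int` and the simplified trace format are constructed assumptions.

```python
import re
from collections import Counter

# Constructed addresses (documentation ranges), not taken from the post.
OFFICE, VIP, RIP = "198.51.100.10", "203.0.113.5", "10.0.0.2"

# Constructed, simplified capture lines: "<iface> <src>.<port> > <dst>.<port>: Flags [<f>]"
# ext = director's client-facing interface, int = interface towards the real server.
TRACE = """\
ext 198.51.100.10.40001 > 203.0.113.5.21: Flags [P.]
int 198.51.100.10.40001 > 10.0.0.2.21: Flags [P.]
int 10.0.0.2.20 > 198.51.100.10.40002: Flags [S]
ext 203.0.113.5.20 > 198.51.100.10.40002: Flags [S]
ext 198.51.100.10.40002 > 203.0.113.5.20: Flags [S.]
int 10.0.0.2.20 > 198.51.100.10.40002: Flags [S]
ext 203.0.113.5.20 > 198.51.100.10.40002: Flags [S]
ext 198.51.100.10.40002 > 203.0.113.5.20: Flags [S.]
"""

LINE = re.compile(r"(\w+) ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([A-Z.]+)\]")

def parse(trace):
    """Yield (iface, (src_ip, src_port), (dst_ip, dst_port), flags) per line."""
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            iface, src, sport, dst, dport, flags = m.groups()
            yield iface, (src, int(sport)), (dst, int(dport)), flags

def unforwarded(trace, vip=VIP, rip=RIP):
    """Count inbound segments seen on ext whose translated copy never shows on int."""
    arrived, forwarded = Counter(), Counter()
    for iface, src, dst, flags in parse(trace):
        if iface == "ext" and dst[0] == vip:
            # Form the segment should take once the VIP is rewritten to the RIP.
            arrived[(src, (rip, dst[1]), flags)] += 1
        elif iface == "int" and dst[0] == rip:
            forwarded[(src, dst, flags)] += 1
    # Counter subtraction keeps only segments that arrived more often than they left.
    return arrived - forwarded

if __name__ == "__main__":
    for (src, dst, flags), n in unforwarded(TRACE).items():
        print(f"{n}x [{flags}] {src[0]}:{src[1]} -> {dst[0]}:{dst[1]} not forwarded")
```
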
