|
> > hey folks,
Hello Jason,
> > export realip=(outside ip address of my server)
> > ipvsadm -A -t $realip:21 -s wrr
> > ipvsadm -a -t $realip:21 -r 10.1.6.11 -m
> > ipvsadm -a -t $realip:21 -r 10.1.6.12 -m
> >
> > 10.1.6.11=vsftp server 1
> > 10.1.6.12=vsftp server 2
That setup reads as an plan for LVS-NAT ... but with incompleted LVS-NAT rules.
You need to cover ALL configured vsftpd server PORTS on the LVS balancer nodes
- otherwise you'll never see an SYNC nor an ACK :)
with LVS-DR the vsftpd can give direct answers , on LVS-NAT you have to take
care of the configured redirected ports very carefully.
You probably also need the ip_vs_ftp kernel modules..
# lsmod | grep ftp
ip_vs_ftp 6731 0
nf_nat 16229 1 ip_vs_ftp
ip_vs 157311 6 ip_vs_ftp,ip_vs_rr
so it shuold be i.e :
>
> > > ipvsadm -A -t $realip:20-21 -s wrr
> > > ipvsadm -a -t $realip:20-21 -r 10.1.6.11 -m
> > > ipvsadm -a -t $realip:20-21 -r 10.1.6.12 -m
>
> > > ipvsadm -A -t $realip:50000-60000 -s wrr
> > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.11 -m
> > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.12 -m
>
if still issuies , then install wireshark on lvs , that will extactly tell
you what been happen on your LVS Nodes network traffiik.
For passv vsftpd you must configure like this :
http://splatdot.com/running-vsftpd-behind-a-nat-firewall/
and let the ports 20/21 + passvive ftp ports traffic pass your lvs-nat setup.
if you want passiv sftpd you need as well some other standard ports for that
, i.e 115 .
> > Check if INPUT firewall rules allow the passive data
> > traffic. For example, such rules may help:
> >
> > # Accept FTP DATA (related) and FTP CONTROL (established) traffic:
> > iptables -A INPUT -p tcp -d $VIP -m state --state RELATED,ESTABLISHED -j
> > ACCEPT
> > # Accept FTP CONTROL:
> > iptables -A INPUT -p tcp -d $VIP --dport 21 -m state --state NEW -j ACCEPT
I whuold suggest to use i.e keepalived to manage your LVS-NAT FTP port Rules
and the IP failover .
..take care of port & NAT routing as Junian suggested.
-
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Cluster_Administration/s1-lvs-ftp.html
- http://keepalived.org/LVS-NAT-Keepalived-HOWTO.html
Hope this helps.
--
Mit freundlichen Grüßen / Best Regards
Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de - 1995 - 2015
- 20 Jahre Linux/Unix Support.
Legal Notice: This transmittal and/or attachments may be privileged or
confidential. It is intended solely for the addressee named above. Any review,
dissemination, or copying is strictly prohibited. If you received this
transmittal in error, please notify us immediately by reply and immediately
delete this message and all
addressbook.vcf
Description: Vcard
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
