OK thanks, I'll try that out.
Jason
On Sun, Jun 28, 2015 at 12:35:49PM +0200, Horst.venzke@xxxxxxxxxx , Horst
Venzke ,Remsnet Consulting und Internet Services LTD, Niederlassung
Deutschland wrote:
> > > hey folks,
>
> Hello Jason,
>
> > > export realip=(outside ip address of my server)
> > > ipvsadm -A -t $realip:21 -s wrr
> > > ipvsadm -a -t $realip:21 -r 10.1.6.11 -m
> > > ipvsadm -a -t $realip:21 -r 10.1.6.12 -m
> > >
> > > 10.1.6.11=vsftp server 1
> > > 10.1.6.12=vsftp server 2
>
> That setup reads as a plan for LVS-NAT ... but with incomplete LVS-NAT
> rules.
> You need to cover ALL configured vsftpd server PORTS on the LVS balancer
> nodes - otherwise you'll never see a SYNC nor an ACK :)
>
> With LVS-DR the vsftpd can give direct answers; on LVS-NAT you have to
> take care of the configured redirected ports very carefully.
>
> You probably also need the ip_vs_ftp kernel modules.
>
> # lsmod | grep ftp
> ip_vs_ftp 6731 0
> nf_nat 16229 1 ip_vs_ftp
> ip_vs 157311 6 ip_vs_ftp,ip_vs_rr
>
>
> So it should be, i.e.:
> >
> > > > ipvsadm -A -t $realip:20-21 -s wrr
> > > > ipvsadm -a -t $realip:20-21 -r 10.1.6.11 -m
> > > > ipvsadm -a -t $realip:20-21 -r 10.1.6.12 -m
> >
> > > > ipvsadm -A -t $realip:50000-60000 -s wrr
> > > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.11 -m
> > > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.12 -m
> >
>
>
> If there are still issues, then install wireshark on the LVS; that will tell
> you exactly what has been happening in your LVS nodes' network traffic.
>
>
> For passive vsftpd you must configure it like this:
> http://splatdot.com/running-vsftpd-behind-a-nat-firewall/
> and let the ports 20/21 + passive FTP ports traffic pass your LVS-NAT
> setup.
>
> If you want passive sftpd you also need some other standard ports for that,
> i.e. 115.
>
> > > Check if INPUT firewall rules allow the passive data
> > > traffic. For example, such rules may help:
> > >
> > > # Accept FTP DATA (related) and FTP CONTROL (established) traffic:
> > > iptables -A INPUT -p tcp -d $VIP -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > # Accept FTP CONTROL:
> > > iptables -A INPUT -p tcp -d $VIP --dport 21 -m state --state NEW -j ACCEPT
>
>
>
> I would suggest using, i.e., keepalived to manage your LVS-NAT FTP port rules
> and the IP failover.
> Take care of port & NAT routing!!
> - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Cluster_Administration/s1-lvs-ftp.html
> - http://keepalived.org/LVS-NAT-Keepalived-HOWTO.html
>
> Keepalived can also handle the required virtual gateway IP on the private
> network well.
>
>
> Hope this helps.
>
>
> --
> Mit freundlichen Grüßen / Best Regards
>
> Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de - 1995 -
> 2015 - 20 Jahre Linux/Unix Support.
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
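
Added example, not part of the original thread or of either poster's setup: a shell check that the passive port range in each real server's vsftpd.conf fits inside the range the director forwards (50000-60000 in the quoted reply). `pasv_min_port` and `pasv_max_port` are vsftpd's own options; the file names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does vsftpd's passive range fit what the director forwards?

# Print the last value assigned to KEY in a vsftpd.conf (key=value, no spaces).
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1 | tr -d '\r '
}

# Return 0 only if pasv_min_port..pasv_max_port lies inside FWD_MIN..FWD_MAX.
check_pasv_range() {  # usage: check_pasv_range FILE FWD_MIN FWD_MAX
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    for v in "$min" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "FAIL $1: passive range not set"; return 1 ;;
        esac
    done
    if [ "$min" -gt "$max" ]; then
        echo "FAIL $1: pasv_min_port $min > pasv_max_port $max"; return 1
    fi
    if [ "$min" -lt "$2" ] || [ "$max" -gt "$3" ]; then
        echo "FAIL $1: $min-$max is outside forwarded range $2-$3"; return 1
    fi
    echo "OK $1: $min-$max is inside forwarded range $2-$3"
}

# Constructed sample configs standing in for the two real servers.
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' 'pasv_enable=YES' \
    'pasv_min_port=50000' 'pasv_max_port=50100' > "$tmp/rs1.conf"
printf '%s\n' '# constructed sample' 'pasv_enable=YES' \
    'pasv_min_port=40000' 'pasv_max_port=60000' > "$tmp/rs2.conf"

for f in "$tmp/rs1.conf" "$tmp/rs2.conf"; do
    check_pasv_range "$f" 50000 60000 || true
done
```

A server left at vsftpd's default (no passive range set) fails the check, since it may pick data ports the director does not forward.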