Hi,
I use proftpd, but I guess there are some similar things.
I also have the same ipvs setup and also have only active FTP working...
Perhaps, to make passive mode work, we should add a permanent
listener on the passive ports on the CentOS box, with something like
ipvsadm -A -t $realip:50000-60000 -s wrr
ipvsadm -a -t $realip:50000-60000 -r 10.1.6.11 -m
ipvsadm -a -t $realip:50000-60000 -r 10.1.6.12 -m
firewall-cmd --zone=public --add-port=50000-60000/tcp --permanent
First, it is not working (multiple ports are not allowed), but I also prefer,
for security reasons, not to have so many ports open on my server.
In active mode, ip_vs_ftp does all the job via conntrack:
conntrack -L | grep dport=21
In this case, the only setup needed to make it work is to allow FTP
traffic:
firewall-cmd --zone=public --add-port=21/tcp --permanent
and set up the load balancing via ipvsadm.
So, do you really need FTP passive mode?
--
Ivan
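
Added example (not part of Ivan's message and not code from ip_vs_ftp): FTP announces its data endpoint as text inside the port-21 control connection, which is why a NAT (-m) director needs a helper that reads and rewrites that text instead of a permanently opened port range. The sketch below parses and rewrites the field; the VIP 192.0.2.10 and the client address are constructed values, and the function names are hypothetical.

```python
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_ENDPOINT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    verb = line.strip().upper()
    if not (verb.startswith("PORT ") or verb.startswith("227 ")):
        return None
    m = _ENDPOINT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed: every field must fit in one byte
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def rewrite_endpoint(line, new_ip, new_port=None):
    """Swap the advertised address (and optionally the port) in a control line."""
    parsed = parse_endpoint(line)
    if parsed is None:
        return line  # not a data-channel negotiation: pass through unchanged
    port = parsed[1] if new_port is None else new_port
    fields = new_ip.split(".") + [str(port // 256), str(port % 256)]
    return _ENDPOINT.sub(",".join(fields), line, count=1)


def in_passive_range(port, low=50000, high=60000):
    """True if the port lies in the passive range quoted in the message."""
    return low <= port <= high


if __name__ == "__main__":
    # Constructed control-channel lines; 10.1.6.11 is a real server from the message.
    reply = "227 Entering Passive Mode (10,1,6,11,195,80)"
    print(parse_endpoint(reply))                   # private address leaks to the client
    print(rewrite_endpoint(reply, "192.0.2.10"))   # what the client should see instead
    print(parse_endpoint("PORT 198,51,100,7,200,21"))
```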