Right. Because the new connection is to a different IP (but on the same
box)... You'll get the same thing if you try to FTP to localhost, and
then tell it to use an IP address on the ethernet interface for passive
FTP... There's really not any good way to handle this currently, because
the control connection is to one IP and the data connection is to
another. AFAIK, hacking the FTP server to handle this is about the only
really viable way around the problem (or use a NAT VS).
-Tymm
On Wed, 30 Jun 1999, Ted Pavlic wrote:
> Date: Wed, 30 Jun 1999 11:46:16 -0400
> From: Ted Pavlic <tpavlic_list@xxxxxxxxxxx>
> To: Linux Virtual Server Mailing List <linux-virtualserver@xxxxxxxxxxxx>
> Subject: Question about passive FTP
>
> I have to apologize for all the traffic I've recently caused here. I don't
> mean to whine about my own problems so much. :(
>
> Anyway -- I'm running the LinuxDirector on a machine and using direct routing
> to load balance between the servers behind it. (well.. really alongside of
> it)
>
> I allowed ports 20 and 21 and normal FTP works great. However, whenever I
> try passive FTP (I'm using the ncftpd server, by the way) -- this happens:
>
> [tpavlic@ctraid tpavlic]$ ftp 10.200.0.15
> Connected to 10.200.0.15.
> 220 www.netwalk.com NcFTPd Server (licensed copy) ready.
> Name (10.200.0.15:tpavlic): ftp
> 331 Guest login ok, send your complete e-mail address as password.
> Password:
> 230-You are user #1 of 50 simultaneous users allowed.
> 230-
> 230 Logged in anonymously.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for /bin/ls.
> drwxr-xr-x 2 ftpuser ftpusers 1024 May 2 1996 bin
> drwxr-xr-x 2 ftpuser ftpusers 1024 Aug 14 1997 columbus
> drwx------ 2 ftpuser ftpusers 1024 Apr 13 1998 dsgsupport
> drwxr-xr-x 2 ftpuser ftpusers 1024 May 2 1996 etc
> drwx-wx-wx 2 ftpuser ftpusers 3072 Jun 25 08:45 incoming
> drwxr-xr-x 5 ftpuser ftpusers 1024 Jun 15 10:23 pub
> drwxr-xr-x 2 ftpuser ftpusers 1024 Oct 31 1996 wired
> 226 Listing completed.
> ftp> passive
> Passive mode on.
> ftp> ls
> 227 Entering Passive Mode (216,69,192,197,4,25)
> ftp: connect: Connection refused
> ftp>
>
> (I tried to show an example of port working and passive not)
>
> In ncftpd, there is a configuration option that allows you to set the
> passive-ip for this certain situation. I've done that. (Notice that the
> connection is originally made to 10.200.0.15, however the passive tries to
> connect to 216.69.192.197) Still, I get a connection refused as if an
> attempt was being made to access the ftp server through the LinuxDirector.
>
> And passive mode works fine when I go directly to the server. It's only when
> I go through the LVS that I have trouble.
>
> Thanks for any help you can give.
>
> All the best --
> Ted
>
>
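Added example, not part of either message above: a small Python check that decodes the 227 reply from the quoted session and compares the advertised data endpoint with the control connection. The function names and the `forwarded_ports` parameter (standing in for the "ports 20 and 21" allowed on the director) are assumptions made for this illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: six decimal fields h1,h2,h3,h4,p1,p2.
_PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def check_data_endpoint(control_ip, reply, forwarded_ports):
    """Compare the advertised data endpoint with the control connection.

    forwarded_ports is a hypothetical parameter: the set of TCP ports the
    director is configured to pass for the virtual service.
    """
    ip, port = parse_pasv(reply)
    findings = []
    if ip != ipaddress.IPv4Address(control_ip):
        findings.append("data IP %s differs from control IP %s" % (ip, control_ip))
    if port not in forwarded_ports:
        findings.append(
            "data port %d is not among forwarded ports %s"
            % (port, sorted(forwarded_ports))
        )
    return {"data_ip": str(ip), "data_port": port, "findings": findings}


# Input values copied from the session quoted above.
REPORT = check_data_endpoint(
    "10.200.0.15", "227 Entering Passive Mode (216,69,192,197,4,25)", {20, 21}
)

if __name__ == "__main__":
    print(REPORT)
```

For the quoted session this reports a data endpoint of 216.69.192.197 port 1049, on a different IP than the control connection and on a port outside 20 and 21.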