
RE: Question about passive FTP

To: "'Tymm Twillman'" <tymm@xxxxxxxxxxxxxxxx>, Ted Pavlic <tpavlic_list@xxxxxxxxxxx>
Subject: RE: Question about passive FTP
Cc: Linux Virtual Server Mailing List <linux-virtualserver@xxxxxxxxxxxx>
From: "Shi, Eddie E" <eshi@xxxxxxxxxxxxxxxxx>
Date: Wed, 30 Jun 1999 10:39:51 -0700
I've checked the source code and found out that the module
~net/ipv4/ip_masq_ftp.c is supposed to handle the situation by adding a
masq entry for 216,69,192,197,4,25 which xlates to 216.69.192.197:1049 so
that the ftp client will be able to connect to LVS and be scheduled to the
ftp server.

Unfortunately, ip_masq_ftp.c has a bug which prevents this from happening.


Regards!

Eddie
Xerox Corporation

-----Original Message-----
From: Tymm Twillman [mailto:tymm@xxxxxxxxxxxxxxxx]
Sent: Wednesday, June 30, 1999 10:16 AM
To: Ted Pavlic
Cc: Linux Virtual Server Mailing List
Subject: Re: Question about passive FTP 


Right.  Because the new connection is to a different IP (but on the same 
box)... You'll get the same thing if you try to FTP to localhost, and 
then tell it to use an IP address on the ethernet interface for passive 
FTP... There's really not any good way to handle this currently, because 
the control connection is to one IP and the data connection is to 
another.  AFAIK, hacking the FTP server to handle this is about the only 
really viable way around the problem (or use a NAT VS).

-Tymm

On Wed, 30 Jun 1999, Ted Pavlic wrote:

> Date: Wed, 30 Jun 1999 11:46:16 -0400
> From: Ted Pavlic <tpavlic_list@xxxxxxxxxxx>
> To: Linux Virtual Server Mailing List <linux-virtualserver@xxxxxxxxxxxx>
> Subject: Question about passive FTP 
> 
> I have to apologize for all the traffic I've recently caused here. I don't
> mean to whine about my own problems so much. :(
> 
> Anyway -- I'm running the LinuxDirector on a machine and using direct routing
> to load balance between the servers behind it. (well.. really along side of
> it)
> 
> I allowed ports 20 and 21 and normal FTP works great. However, whenever I
> try passive FTP (I'm using the ncftpd server, by the way) -- this happens:
> 
> [tpavlic@ctraid tpavlic]$ ftp 10.200.0.15
> Connected to 10.200.0.15.
> 220 www.netwalk.com NcFTPd Server (licensed copy) ready.
> Name (10.200.0.15:tpavlic): ftp
> 331 Guest login ok, send your complete e-mail address as password.
> Password:
> 230-You are user #1 of 50 simultaneous users allowed.
> 230-
> 230 Logged in anonymously.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for /bin/ls.
> drwxr-xr-x   2 ftpuser  ftpusers      1024 May  2  1996 bin
> drwxr-xr-x   2 ftpuser  ftpusers      1024 Aug 14  1997 columbus
> drwx------   2 ftpuser  ftpusers      1024 Apr 13  1998 dsgsupport
> drwxr-xr-x   2 ftpuser  ftpusers      1024 May  2  1996 etc
> drwx-wx-wx   2 ftpuser  ftpusers      3072 Jun 25 08:45 incoming
> drwxr-xr-x   5 ftpuser  ftpusers      1024 Jun 15 10:23 pub
> drwxr-xr-x   2 ftpuser  ftpusers      1024 Oct 31  1996 wired
> 226 Listing completed.
> ftp> passive
> Passive mode on.
> ftp> ls
> 227 Entering Passive Mode (216,69,192,197,4,25)
> ftp: connect: Connection refused
> ftp>
> 
> (I tried to show an example of port working and passive not)
> 
> In ncftpd, there is a configuration option that allows you to set the
> passive-ip for this certain situation. I've done that. (Notice that the
> connection is originally made to 10.200.0.15, however the passive tries to
> connect to 216.69.192.197) Still, I get a connection refused as if an
> attempt was being made to access the ftp server through the LinuxDirector.
> 
> And passive mode works fine when I go directly to the server. It's only when
> I go through the LVS that I have trouble.
> 
> Thanks for any help you can give.
> 
> All the best --
> Ted
> 
> 

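The 227 reply quoted in the thread encodes the data-connection endpoint as (h1,h2,h3,h4,p1,p2), with port = p1*256 + p2. The following is an added example, not code from ip_masq_ftp.c or from any poster in the thread: it parses such a reply with range checks and reports whether the advertised IP differs from the control-connection IP. The names pasv_target, parse_pasv_reply and pasv_ip_differs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Parsed "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
 * Hypothetical names, written for this example only. */
struct pasv_target {
    char ip[16];      /* dotted quad built from h1..h4 */
    unsigned port;    /* p1 * 256 + p2 */
};

/* Returns 0 on success, -1 if the line is not a well-formed 227 reply
 * or any of the six fields is outside 0..255. */
int parse_pasv_reply(const char *line, struct pasv_target *out)
{
    unsigned f[6];
    char end;
    const char *paren;

    if (strncmp(line, "227 ", 4) != 0)
        return -1;
    paren = strchr(line, '(');
    if (paren == NULL
        || sscanf(paren, "(%3u,%3u,%3u,%3u,%3u,%3u%c",
                  &f[0], &f[1], &f[2], &f[3], &f[4], &f[5], &end) != 7
        || end != ')')
        return -1;
    for (int i = 0; i < 6; i++)
        if (f[i] > 255)
            return -1;
    snprintf(out->ip, sizeof out->ip, "%u.%u.%u.%u", f[0], f[1], f[2], f[3]);
    out->port = f[4] * 256 + f[5];
    return 0;
}

/* 1 if the data connection targets a different IP than the control
 * connection (the situation discussed in the thread), else 0. */
int pasv_ip_differs(const struct pasv_target *t, const char *control_ip)
{
    return strcmp(t->ip, control_ip) != 0;
}

int main(void)
{
    struct pasv_target t;
    /* Reply line and control address taken from the session in the thread. */
    if (parse_pasv_reply("227 Entering Passive Mode (216,69,192,197,4,25)", &t) == 0)
        printf("%s:%u differs_from_control=%d\n", t.ip, t.port,
               pasv_ip_differs(&t, "10.200.0.15"));
    return 0;
}
```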