Hello,
On Fri, 19 May 2000, Jytsai wrote:
> Sorry, I didn't describe the details last time.
> My system looks as follows:
>
> Some client IP = 172.26.20.15
> |
> LAN
> __ |___ VIP eth0 = 172.26.20.73
> __|___
> |_VS_|
> ___|___ Director eth1 = 10.0.0.254
> |
> ___|___ RIP eth0 = 10.0.0.11
> __|___
> |_RS_|
>
> When I set the rule on VS like:
> ipvsadm -A -t 172.26.20.73:21
> ipvsadm -a -t 172.26.20.73:21 -r 10.0.0.11:21 -m
>
> Then the client 172.26.20.15 can ftp to VIP 172.26.20.73
> and will thus be redirected to RIP by IPVS.
> This works very well, no problem.
>
> But the PROBLEM is:
> At the same time, from the client 172.26.20.15, I cannot telnet,
> finger, etc. to VS any more!
> The normal inetd services (except ftp) provided by VS should work
> normally, shouldn't they?
You are right. We can exclude the 0..1023 port range
from being forwarded to the real server. That is dangerous.
>
> Further, the VS itself cannot connect to any other computers, which means
> that the networking ability of VS is jammed, even when I log in from the
> console of VS!
Yes, the FTP service is treated as a persistent service
with the lowest priority. You can still use another Director's
IP instead of using 172.26.20.73.
>
> After setting "ipvsadm -C", all of the above misfunctionality
> disappears!
>
> Could someone give me some solutions, thank you very much!
>
Until the vport is restricted in ip_vs_lookup_service to
1024..* you can try to add an alias on the external interface and
use it to connect to the fingerd.
Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
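
A simplified model of the lookup behaviour discussed in this thread, added here as an illustration (it is not code from the message or from the IPVS sources). The struct, the function names and the `restrict_vport` switch are hypothetical; the addresses and the 1024 boundary are taken from the thread.

```c
#include <stddef.h>
#include <stdint.h>

#define FTP_PORT 21
#define FIRST_UNPRIVILEGED_PORT 1024

/* Hypothetical, simplified virtual-service entry (not the kernel's struct). */
struct vservice {
    uint32_t vip;    /* virtual IP, host byte order */
    uint16_t vport;  /* virtual port */
};

/* Pack a dotted quad into a host-order integer. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/*
 * Model of the lookup: an exact vip:vport match wins; otherwise an FTP
 * service on the same VIP acts as the lowest-priority fallback.
 * restrict_vport = 0 models the behaviour reported in the thread,
 * restrict_vport = 1 models the proposed 1024..* restriction.
 */
static const struct vservice *
lookup_service(const struct vservice *tbl, size_t n,
               uint32_t vip, uint16_t vport, int restrict_vport)
{
    const struct vservice *ftp = NULL;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].vip != vip)
            continue;
        if (tbl[i].vport == vport)
            return &tbl[i];          /* exact match has priority */
        if (tbl[i].vport == FTP_PORT)
            ftp = &tbl[i];           /* remember the FTP fallback */
    }
    if (ftp && restrict_vport && vport < FIRST_UNPRIVILEGED_PORT)
        return NULL;                 /* telnet, finger etc. stay local */
    return ftp;
}

/* Returns 1 if a packet to VIP:vport would be claimed by the service table. */
int captured(uint16_t vport, int restrict_vport)
{
    struct vservice tbl[] = { { ip4(172, 26, 20, 73), FTP_PORT } };
    return lookup_service(tbl, 1, ip4(172, 26, 20, 73), vport,
                          restrict_vport) != NULL;
}
```
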