Szymon Jakub Oterski wrote:
> The Director's IP is 195.212.95.140, in the intranet 10.1.1.1,
> 195.212.67.138:80 is redirected to 10.1.1.200:81,
> 195.212.67.139:80 is redirected to 10.1.1.200:80,
> 195.212.67.139:23 is redirected to 10.1.1.200:23,
> 195.212.67.139:21 is redirected to 10.1.1.200:21,
> 195.212.67.139:20 is redirected to 10.1.1.200:20,
You only need port 21; remove port 20 - it's handled by the LVS code.
(Make sure all the masq modules are compiled, e.g. masq ftp.)
> the 2 lowest directives are for FTP.
> now the Director acts as MASQ gateway for 10.1.1.200 on all ports.
Turn all the MASQ stuff off for the moment; it could be interfering
with LVS, which is using MASQ for its own purposes.
> now, situation 1:
>
> Client 1 (10.2.2.1)
> |
> |
> | (10.2.2.2)
> Client2 (gw)
> | (dyna IP)
> |
> Internet
> |
> |
> |
> Router (195.212.95.129)
> |
> |
> | (195.212.95.140)
> Director (eth0:0 = 195.212.67.138, eth0:1 = 195.212.67.139)
> | (10.1.1.1)
> |
> | (10.1.1.200)
> Server
>
> **************************
> now, Client 2 acts as a MASQ firewall, but I can surf on it too.
>
> When I'm on Client 1:
> 195.212.67.138:http works
> 195.212.67.139:http works
> 195.212.67.138:ftp (active) doesn't work
> 195.212.67.138:ftp (passive) doesn't work
>
> When I'm on Client 2:
> 195.212.67.138:http works
> 195.212.67.139:http works
> 195.212.67.138:ftp (active) works
> 195.212.67.138:ftp (passive) doesn't work (I can log on, but if I say "ls"
> I get a connection refused)
> ...
Looks like client2 is stopping the active ftp connection from
client1. You'll have to fix that one.
Passive ftp (going to a url like ftp://ftp.foo.bar/pub) doesn't
use the LVS ftp code. You have to use LVS persistence (look up
the HOWTO, ask again if you don't understand).
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA