Jeremy Kusnetz wrote:
>
> The symptoms:
> When connecting to LVS ftpd servers from behind a firewall, you cannot do
> listing, or file upload and download, i.e. the data port is being blocked.
> One must explicitly set the server into passive mode after logging into the
> ftpd server to be able to perform these functions.
What happens when you try to ftp from a client inside the firewall?
(don't delete the rest of this posting in your reply)
Joe
> What I expect:
> I expect the ftpd servers to start off in passive mode and allow transfers
> through the firewall. This is how it happens when I am not using LVS, i.e.,
> the ftpd server is on the VIP itself, not the realservers.
>
> Why it's bad:
> This is bad because this is an extra step that most people don't have to do,
> and many novice users won't know how to do.
>
> This is a problem with LVS because when going to the same version and
> configuration of the ftpd server that are NOT going through LVS, you do not
> have to set the servers to passive, it just works, even from behind the
> firewall.
>
> There is SOMETHING that by going through LVS is causing this to happen.
> There must be something that going through LVS-NAT is blocking from the ftpd
> servers giving them enough information to go into passive mode which is what
> I believe the RFC says ftpd is supposed to do.
>
> Here is the configuration that isn't working:
>
> client--firewall--director/VIP/LVS-NAT--realservers(ftpd)(10. network,
> client can't see without LVS)
>
> Here is my setup:
> ipvsadm -A -t 216.xxx.xxx.xxx:ftp -s lc -p 540
> ipvsadm -a -t 216.xxx.xxx.xxx:ftp -r 10.xxx.xxx.1 -m
> ipvsadm -a -t 216.xxx.xxx.xxx:ftp -r 10.xxx.xxx.2 -m
>
> I am using version 0.9.15 for kernel 2.2.16
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA