Hello,
On Tue, 1 May 2001, Wenzhuo Zhang wrote:
> > > > The FTP support in 2.2 is only as module. Starting from 2.2.19
> > > > there are more restrictions, the following module parameter is required:
> > > >
> > > > modprobe ip_masq_ftp in_ports=21
> > > >
> > >
> > > I've been using 2.2.19 on my dialup masquerading box for quite some
> > > time. It doesn't seem to me that the option is required, whether in
> > > PASV or PORT mode.
> >
> > Is FTP working with NAT-ed real servers without this option?
>
> Yes. We can actually get ftp to work in NAT mode without using the
> ip_masq_ftp module. The trick is to tell the real ftp servers to use
> the VIP as the passive address for connections from outside; e.g. in
> wu-ftpd, add the following lines to the /etc/ftpaccess:
>
> passive address RIP <localnet>
> passive address 127.0.0.1 127.0.0.0/8
> passive address VIP 0.0.0.0/0
>
>
> Of course, the ftp virtual service has to be persistent port 0.

But some guys will not like to open all ports :) And what happens
in the case when two real servers announce the same VPORT for the VIP?
I assume the real server packets don't go through the director?
Something like DR? I understand that such a setup can work but I
expect many problems: broken data connections. Or am I
misunderstanding something?

So, the question remains open: is active ftp working for
LVS-NAT without the in_ports option? By default, most of the browsers
use the passive option and maybe this problem is not observed. I tried
it only once for a little FTP test and I think it is needed. But you
guys will make your tests, I hope :)

Regards
--
Julian Anastasov <ja@xxxxxx>
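
An added example, not part of the original message: one way to test the "passive address" setup discussed above is to collect the 227 replies that outside clients receive and check them. The sketch reports replies that announce something other than the VIP and ports announced by more than one real server, which is the case the reply asks about. The addresses, server names and sample replies are constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Port is encoded as two bytes: high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit(replies, vip):
    """replies: iterable of (real_server, reply_line) as seen by outside clients.
    Returns (wrong_address, shared_ports):
      wrong_address - replies announcing an address other than the VIP
      shared_ports  - VIP ports announced by more than one real server
    """
    wrong = []
    by_port = defaultdict(set)
    for rs, line in replies:
        parsed = parse_pasv(line)
        if parsed is None:
            continue  # not a passive-mode reply
        ip, port = parsed
        if ip != vip:
            wrong.append((rs, ip, port))
        else:
            by_port[port].add(rs)
    shared = {p: sorted(s) for p, s in by_port.items() if len(s) > 1}
    return wrong, shared

# Constructed sample data (documentation address range used as the VIP).
VIP = "192.0.2.10"
SAMPLE = [
    ("rs1", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("rs2", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("rs2", "227 Entering Passive Mode (10,0,0,12,195,81)"),
    ("rs1", "230 User logged in."),
]

if __name__ == "__main__":
    print(audit(SAMPLE, VIP))
```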