
Re: ip_masq_ftp in not in kernel in 2.2.19

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: ip_masq_ftp in not in kernel in 2.2.19
From: Wenzhuo Zhang <wenzhuo@xxxxxxxxxx>
Date: Tue, 1 May 2001 23:09:13 +0800
On Tue, May 01, 2001 at 05:09:05PM +0000, Julian Anastasov wrote:
> 
>       Hello,
> 
> On Tue, 1 May 2001, Joseph Mack wrote:
> 
> > >         But some guys will not like to open all ports :) And what happens
> > > in the case when two real servers announce same VPORT for the VIP?
> > > I assume the real server packets don't go through the director?
> >
> > The packets from the client to the real-server have to return via the
> > director or they will not arrive on the VIP.
> 
>       If the real server sends packets with saddr=VIP they can't go
> through the director.

The passive addresses as specified in the ftp server configurations
only appear in the packet payload. The ftp client gets the server
address and port for passive data connections by sending the "PASV"
command to the server in the control connection.

> 
> > >         So, the question remains open: is active ftp working for
> > > LVS-NAT without the in_ports option.
> >
> > what is in_ports?
> 
>       The 2.2.19 way to open ports for FTP port forwarding including
> LVS-NAT FTP. The only place where I see any info is in the sources.
> 
> > By default, most of the browsers
> > > use the passive option and maybe this problem is not observed.
> >
> > I got active (command line) ftp to work without the ftp module
> 
>       LVS-NAT?

As far as masquerading is concerned, the module is only needed for
PORT data connections from outside, I think. But for virtual services,
PORT connections are initiated from within the internal network. So it
works without the module and the director masquerades the data packets
as usual.

For passive connections, there will be two connections from each
client: one control connection and one intermittent data connection.
The client gets the IP address and port by sending a "PASV" command in the
control connection. So configuring the ftp server to use VIP as the
passive address is crucial. Also, since there will be intermittent
data connections with different dest ports from the client,
persistency is required.

> 
> > Joe
> 
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>
> 
> 
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users

-- 
Wenzhuo
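
Added example, not part of the original message or of the LVS code: a check an
administrator could run against 227 replies captured on the client side of the
director, to confirm each real server advertises the VIP rather than its own
address. The VIP, the passive port range and the sample replies are constructed
for illustration.

```python
import ipaddress
import re

# RFC 959 "227" reply carries h1,h2,h3,h4,p1,p2 in the payload only.
PASV_RE = re.compile(
    r"^227[ -].*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# RFC 1918 ranges: a real server behind LVS-NAT normally sits in one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]

def check_pasv(line, vip, port_range=None):
    """Classify a 227 reply as a client of the virtual service would see it."""
    parsed = parse_pasv(line)
    if parsed is None:
        return "malformed"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(vip):
        # The client would try to connect to an address it cannot reach.
        if any(ip in net for net in RFC1918):
            return "leaks-real-server-address"
        return "wrong-address"
    if port_range and not port_range[0] <= port <= port_range[1]:
        return "port-outside-range"
    return "ok"

VIP = "192.0.2.10"            # constructed VIP (documentation range)
PASSIVE_PORTS = (50000, 50100)  # assumed passive range opened on the director

SAMPLES = [                   # constructed replies, one per outcome
    "227 Entering Passive Mode (192,0,2,10,195,80).",
    "227 Entering Passive Mode (10,1,1,2,195,81).",
    "227 Entering Passive Mode (192,0,2,10,4,1).",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_pasv(s, VIP, PASSIVE_PORTS), "<-", s)
```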

