RE: Problem with passive FTP

To:	"'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	RE: Problem with passive FTP
From:	Javier Muniz <jmuniz@xxxxxxxxxxxx>
Date:	Fri, 23 Aug 2002 17:08:46 -0700

Solved my own problem.  Turns out I had:
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j ACCEPT -y

Before I set my firewall mark, so the packets weren't being marked. My bad.

-Javier

-----Original Message-----
From: Javier Muniz [mailto:jmuniz@xxxxxxxxxxxx]
Sent: Friday, August 23, 2002 4:35 PM
To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
Subject: Problem with passive FTP


I am having a problem with passive FTP on my LVS-NAT cluster.  I have
configured ipchains with the following marks:

-A input -s 0.0.0.0/0.0.0.0 -d 66.180.233.20/255.255.255.255 21:21 -p 6 -m 1
-A input -s 0.0.0.0/0.0.0.0 -d 66.180.233.20/255.255.255.255 10000:20000 -p
6 -m 1

I have configured my realserver to only use ports 10000-20000 for incoming
passive ftp connections.
I have also configured my lvs.cnf as follows:

virtual mediamanagerFTP {
     active = 1
     address = 66.180.233.20 eth0:1
     vip_nmask = 255.255.255.0
     fwmark = 1
     port = 21
     persistent = 900
     expect = "OK"
     send_program = "/usr/local/bin/ftp-test %h"
     load_monitor = none
     scheduler = rr
     protocol = tcp
     timeout = 6
     reentry = 15
     quiesce_server = 0
     server slipstream-101 {
         address = 192.168.2.10
         active = 0
         weight = 1
     }
     server slipstream-102 {
         address = 192.168.2.11
         active = 1
         weight = 1
     }
}

/usr/local/bin/ftp-test returns the text "OK" in this case.

This is what i get when I start pulse:

Aug 23 13:14:06 loadserver-101 pulse[xxxx]: STARTING PULSE AS MASTER
Aug 23 13:14:06 loadserver-101 pulse: pulse startup succeeded
Aug 23 13:14:24 loadserver-101 pulse[xxxx]: partner dead: activating lvs
Aug 23 13:14:24 loadserver-101 lvs[xxxx]: starting virtual service
mediamanager active: 80
Aug 23 13:14:24 loadserver-101 lvs[xxxx]: create_monitor for
mediamanager/slipstream-102 running as pid xxxx
Aug 23 13:14:24 loadserver-101 nanny[xxxx]: starting LVS client monitor for
66.180.233.20:80
Aug 23 13:14:24 loadserver-101 lvs[xxxx]: starting virtual service
mediamanagerFTP active: 21
Aug 23 13:14:24 loadserver-101 lvs[xxxx]: create_monitor for
mediamanagerFTP/slipstream-102 running as pid xxxx
Aug 23 13:14:24 loadserver-101 nanny[xxxx]: starting LVS client monitor for
66.180.233.20:21
Aug 23 13:14:24 loadserver-101 nanny[xxxx]: making 192.168.2.11:21 available
Aug 23 13:14:27 loadserver-101 nanny[xxxx]: making 192.168.2.11:80 available
Aug 23 13:14:29 loadserver-101 pulse[xxxx]: gratuitous lvs arps finished

However when I try to connect to 66.180.233.20:21 from an outside host I get
connection refused... any ideas?

-Javier

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
Problem with passive FTP, Javier Muniz RE: Problem with passive FTP, Javier Muniz <=

Previous by Date:	Problem with passive FTP, Javier Muniz
Next by Date:	Favorite cert authority?, Zachariah Mully
Previous by Thread:	Problem with passive FTP, Javier Muniz
Next by Thread:	Favorite cert authority?, Zachariah Mully
Indexes:	[Date] [Thread] [Top] [All Lists]