
Re: 2.2.19 ipvs patch for ip_masq_ftp

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: 2.2.19 ipvs patch for ip_masq_ftp
From: Tony Clarke <sam@xxxxxxxxxx>
Date: Wed, 18 Sep 2002 09:46:58 +0100
Hello Ratz,

On Tue, 17 Sep 2002, Roberto Nibali wrote:

> Could you please check with the 2.2.19 kernel code for ip_masq_ftp.c (maybe Julian) and if we need Tony's patch tell me. I would then rediff the stuff

> I just tested ip_masq_ftp.o of kernel 2.2.19 (or later), it works with
> ipvs. The active mode of FTP always works without loading ip_masq_ftp.o, but the passive mode of FTP needs loading ip_masq_ftp.o with in_ports=21 (modprobe ip_masq_ftp in_ports=21).

OK. Perhaps I should explain what I mean when I say it "doesn't work" a bit better.

All that follows could be complete rubbish...but it's how I see it now.

LVS-NAT

There are two ways of using ftp (active and passive).
Active scenario.

In -> Out


Client (internal) ------> NAT-BOX ------> ftp-Server (external)

This case works fine.

Out -> In (Where the client is behind its own firewall)


Client --------> FireWall ------>NAT-BOX------->ftp-server


When the client connects to ftp-server it can log in; when it does
an "ls", it hangs.
The reason it hangs is because the Firewall is not seeing the port number
it expected. It's expecting 20 and it's getting 60,000+. With the patch applied, it works fine.
Where am I going astray?

Thanks Tony.
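
A small model of the failure described in the message above, added here as an illustration; it is not code from the thread, the ipvs patch, or ip_masq_ftp.c. It assumes the client-side firewall only admits an active-mode data connection whose source port is 20; the class name, the addresses and the port 61005 are constructed for the example.

```python
import re

FTP_DATA_PORT = 20  # RFC 959 default: server data port = control port (21) - 1
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpAwareFirewall:
    """Hypothetical client-side firewall that tracks active-mode FTP sessions."""
    def __init__(self, strict_source_port=True):
        self.strict = strict_source_port   # assumption: data must come from port 20
        self.expected = set()              # (server_ip, client_ip, client_port)

    def see_control(self, client_ip, server_ip, line):
        parsed = parse_port(line)
        # Only honour a PORT that points back at the client that sent it.
        if parsed and parsed[0] == client_ip:
            self.expected.add((server_ip, client_ip, parsed[1]))

    def allow_inbound_syn(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, dst_ip, dst_port)
        if key not in self.expected:
            return False                   # no matching PORT was seen
        if self.strict and src_port != FTP_DATA_PORT:
            return False                   # expected 20, got a rewritten port
        self.expected.discard(key)         # one data connection per PORT
        return True

def demo():
    """Constructed addresses (RFC 5737 ranges); 61005 stands in for '60,000+'."""
    client, vip = "192.0.2.10", "198.51.100.5"
    results = {}
    for label, sport in (("source port 20 kept", 20), ("source port rewritten", 61005)):
        fw = FtpAwareFirewall()
        fw.see_control(client, vip, "PORT 192,0,2,10,195,80\r\n")  # port 50000
        results[label] = fw.allow_inbound_syn(vip, sport, client, 50000)
    return results

if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label}: {'allowed' if allowed else 'dropped'}")
```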





