LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: 2.2.19 ipvs patch for ip_masq_ftp

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: 2.2.19 ipvs patch for ip_masq_ftp
From: Wensong Zhang <wensong@xxxxxxxxxxxx>
Date: Wed, 18 Sep 2002 23:08:30 +0800 (CST)
Hello,

On Wed, 18 Sep 2002, Tony Clarke wrote:

> 
> OK. Perhaps I should explain what I mean when I say it "doesn't work" a bit 
> better.
> 
> All that follows could be complete rubbish...but its how I see it now.
> 
> LVS-NAT
> 
> There are two ways of using ftp (active and passive).
> Active scenario.
> 
> In -> Out
> 
> 
> Client (internal) ------> NAT-BOX ------> ftp-Server (external)
> 
> This case works fine. 
> 
> 
> Out -> In (Where the client is behind its own firewall)
> 
> 
> Client --------> FireWall ------>NAT-BOX------->ftp-server
> 
> 
> When the client connects to ftp-server it can log in, when it does
> an "ls", it hangs. 
> 
> The reason it hangs is because the Firewall is not seeing the port number
> it expected. Its expecting 20 and its getting 60,000+. 
> 
> With the patch applied. It works fine. 
> 

Yes, the default ip_masq_ftp module doesn't work very correctly for ipvs. 
will move the original ip_masq_ftp patch back to ipvs 1.0.9 for kernel 
2.2.

Regards,

Wensong



<Prev in Thread] Current Thread [Next in Thread>