Hello,
On Wed, 18 Sep 2002, Tony Clarke wrote:
>
> OK. Perhaps I should explain what I mean when I say it "doesn't work" a bit
> better.
>
> All that follows could be complete rubbish...but it's how I see it now.
>
> LVS-NAT
>
> There are two ways of using ftp (active and passive).
> Active scenario.
>
> In -> Out
>
>
> Client (internal) ------> NAT-BOX ------> ftp-Server (external)
>
> This case works fine.
>
>
> Out -> In (Where the client is behind its own firewall)
>
>
> Client --------> FireWall ------>NAT-BOX------->ftp-server
>
>
> When the client connects to ftp-server it can log in; when it does
> an "ls", it hangs.
>
> The reason it hangs is because the Firewall is not seeing the port number
> it expected. It's expecting 20 and it's getting 60,000+.
>
> With the patch applied, it works fine.
>
Yes, the default ip_masq_ftp module doesn't work very correctly for ipvs.
I will move the original ip_masq_ftp patch back to ipvs 1.0.9 for kernel
2.2.
Regards,
Wensong
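
Added example, not part of the original thread and not ipvs or ip_masq_ftp code: a small Python model of the hang Tony describes, where a stateful firewall in front of the client admits the active-mode data connection only from source port 20. The ClientFirewall class, its matching rule and the addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

FTP_DATA_PORT = 20  # source port an active-mode server uses for data


@dataclass(frozen=True)
class Expectation:
    src_ip: str    # address the client sees as the FTP server (the NAT box)
    src_port: int
    dst_ip: str
    dst_port: int


PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")


def parse_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class ClientFirewall:
    """Hypothetical stateful firewall sitting in front of the FTP client."""

    def __init__(self):
        self.expected = set()

    def see_control(self, server_ip, line):
        # On a valid PORT command, expect one data connection from server:20.
        target = parse_port(line)
        if target:
            self.expected.add(Expectation(server_ip, FTP_DATA_PORT, *target))

    def allow_inbound_syn(self, src_ip, src_port, dst_ip, dst_port):
        return Expectation(src_ip, src_port, dst_ip, dst_port) in self.expected


def demo():
    fw = ClientFirewall()
    nat_box, client = "192.0.2.10", "198.51.100.7"          # constructed
    fw.see_control(nat_box, "PORT 198,51,100,7,195,80\r\n")  # port 50000
    port_kept = fw.allow_inbound_syn(nat_box, 20, client, 50000)
    masqueraded = fw.allow_inbound_syn(nat_box, 61000, client, 50000)
    return port_kept, masqueraded
```

The first result models the data connection leaving the NAT box with source port 20 preserved; the second models the same connection masqueraded to a high port, which the firewall drops, so the "ls" never gets its data channel.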