|
I have a server application that is using an anonymous unpriviledged
port. (don't ask) So in order to make it work behind a firewall, I
currently have to start the server, do a netstat and edit the firewall.
If I can't figure it out from netstat, I have to run a packet sniffer
outside the firewall to see what ports the client is trying to connect
to. I believe the developers of the server are fixing it to use a fixed
port, but they asked if my firewall supports port triggering. Port
triggering is when use of one port triggers redirection of another port.
I'm not sure how this would work, in this particular case, as the
client connects on a well known port and, I believe, is told the
anonymous port. I'm not so muched concerned for this particular server,
since they're fixing it to use fixed ports (as a server should), but
it's something that may come up in the future. What I am curious about
is if a server behind an LVS NAT sends traffic on port x, can LVS
dynamically see that and start forwarding ports y-z, which may include
x, back to the original server.
Roberto Nibali wrote:
Justin Georgeson wrote:
Does LVS in NAT mode support port triggering?
I am not sure if I do understand port triggering correctly. Could you
give an example of a protocol you'd like to load balance. If we're
talking about IRC DCC for example I might be inclined to say no. You
could however try to set up a persistence template using port 0.
Another possibility would be to use a conntrack helper (to recognize
connection ports) to fwmark packets in the PREROUTING chain of the
mangle table and then generate a persistence template with fwmarks.
I'm afraid but I think you have to give us a bit more information.
Best regards,
Roberto Nibali, ratz
--
Justin Georgeson
UnBound Technologies, Inc.
http://www.unboundtech.com
Main 713.329.9330
Fax 713.460.4051
Mobile 512.789.1962
5295 Hollister Road
Houston, TX 77040
Real Applications using Real Wireless Intelligence(tm)
|
