For me it only works if the ftpd reports the RIP in response to a PASV ftp
command. It most definitely does not work if I set it to report the VIP
instead.
I assume the director changes the response packet to contain the VIP before
forwarding the packet on - and that my firewall (a netscreen) changes it
into the real internet legal IP.
I do have persistence turned on for ftp - since the configure script I used
(configure-lvs-0.9.2.pl) does this automatically. (It does not automatically
put in a default route to the gateway - but that's a different issue
altogether)
Rutger
-----Original Message-----
From: Joseph Mack
Sent: Thursday, 24 October 2002 16:17
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx;
Subject: Re: lvs-NAT ftp (Kernel 2.4.19)
laurie.baker@xxxxxx wrote:
>
> Joe wrote:
> -> I wonder how you do this with unix ftpds.
>
> Probably as per http://www.wu-ftpd.org/man/ftpaccess.html scan for
> pasv-allow <class> [<addrglob> ...],
hmm, thanks, I didn't look at that assuming it was an ACL sort of thing.
also scan for
passive address <externalip> <cidr>
my ftpd doesn't have this capability.
Presumably you want the ftpd to reply to the client
that it's listening on the VIP rather than the RIP.
In response, the ftp client in pasv mode will send a
connect request to VIP:high_port and the
director will not forward this high_port unless port 0
(ie all ports) is persistent.
so we still need either a functioning ftp_helper or
ftp handled by persistence.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
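The rewrite that the first message assumes the director performs on a PASV reply, sketched as an added example (it is not from the thread and is not the LVS ftp helper's code). The RIP, VIP and reply lines are constructed; `parse_pasv` and `rewrite_pasv` are hypothetical names.

```python
import re

# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 (?P<text>[^(]*)\((?P<nums>\d{1,3}(?:,\d{1,3}){5})\)(?P<tail>.*)$"
)

def parse_pasv(line):
    """Return (ip, port) advertised by a 227 reply, or None for any other line."""
    m = PASV_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    nums = [int(n) for n in m.group("nums").split(",")]
    if any(n > 255 for n in nums):
        return None  # malformed octet, do not touch
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port the client will connect to
    return ip, port

def rewrite_pasv(line, rip, vip):
    """Swap the RIP for the VIP in a 227 reply; pass every other line through.

    The data port is kept as is, so the client will next connect to
    VIP:port and the director still has to forward that high port
    (ftp helper, or persistence covering port 0).
    """
    parsed = parse_pasv(line)
    if parsed is None or parsed[0] != rip:
        return line  # not a PASV reply, or ftpd already reports another address
    body = line.rstrip("\r\n")
    eol = line[len(body):]  # preserve the original line ending
    m = PASV_RE.match(body)
    port = parsed[1]
    nums = "%s,%d,%d" % (vip.replace(".", ","), port >> 8, port & 0xFF)
    # Note: the rewritten line can differ in length from the original,
    # so an in-path rewriter must also adjust TCP sequence numbers.
    return "227 %s(%s)%s%s" % (m.group("text"), nums, m.group("tail"), eol)

if __name__ == "__main__":
    RIP, VIP = "10.1.1.2", "192.0.2.10"  # constructed addresses
    reply = "227 Entering Passive Mode (10,1,1,2,195,80)\r\n"  # constructed
    print(parse_pasv(reply))
    print(rewrite_pasv(reply, RIP, VIP), end="")
```
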