That's what amazed me too.. But it DOES intercept the outgoing pasv
packets, as you can see in ip_vs_ftp.c:
/*
* Look at outgoing ftp packets to catch the response to a PASV command
* from the server (inside-to-outside).
* When we see one, we build a connection entry with the client address,
* client port 0 (unknown at the moment), the server address and the
* server port. Mark the current connection entry as a control channel
* of the new entry. All this work is just to make the data connection
* can be scheduled to the right server later.
*
* The outgoing packet should be something like
* "227 Entering Passive Mode (xxx,xxx,xxx,xxx,ppp,ppp)".
* xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
*/
static int ip_vs_ftp_out(struct ip_vs_app *vapp,
struct ip_vs_conn *cp, struct sk_buff *skb)
...
Rutger
-----Original Message-----
From: Joseph Mack [mailto:mack.joseph@xxxxxxx]
Sent: Thursday, 24 October 2002 17:26
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: lvs-NAT ftp (Kernel 2.4.19)
Rutger van Oosten wrote:
>
> For me it only works if the ftpd reports the RIP in response to a PASV ftp
> command. It most definately does not work if i set it to report the VIP
> instead.
I wouldn't have expected that. The IP that the ftpd is listening
on is in the payload of the packet, not the header, so the
director won't change it.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
BenQ. "Bringing Enjoyment 'N Quality to Life". Enjoyment Matters.
|