My IPs:
Here's my setup
I have two LVS servers (lvs1 and lvs2). I wish to allow users from both
outside and inside our network to use the ftp service. Of course I have my
ftp realserver and a backup ftp server (which serves as failover for my ftp
server).
LVS external interface(eth0) = 176.18.24.2
External VIP for FTP and backup-ftp realservers = 176.18.24.1
LVS internal interface (eth1) = 10.0.0.2
internal VIP our realserver will use as gateway = 10.0.0.1
ip_of_ftp_server = 10.0.0.3
back_ftp = 10.0.0.4
I've used keepalived + ipvsadm here: ipvsadm now says:
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP VIP_of_FTP:ftp rr
-> IP_OF_FTP_SERVER:ftp Masq 1 0 0
-> IP_OF_BACKUP_SERVER:ftp Masq 1 0 1
In my iptables rules I did:
iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 21 -j DNAT --to-destination 10.0.0.4
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
Now when I stop the ftp service on ftp_server, my internal/local users
can still access ftp, since keepalived is redirecting the packets to the
backup_ftp server at port 21, but I can't understand why users from
outside our network cannot use ftp. What seems to be the problem with my
setup? Is there anything missing in my config?
Please advise... thanks