|
On Mon, Oct 06, 2003 at 11:39:24AM +0800, Oliver wrote:
> My IPs:
>
> Here's my setup
>
> I have two lvs (lvs1 and 2) servers. I wish to allow users from both
> outside and inside our network to use ftp service. Of course I have my
> ftp realserver and a backup ftp server (serves as failover to my ftp
> server).
>
> LVS external interface(eth0) = 176.18.24.2
> External VIP for FTP and backup-ftp realservers = 176.18.24.1
> LVS internal interface (eth1) = 10.0.0.2
> internal VIP our realserver will use as gateway = 10.0.0.1
> ip_of_ftp_server = 10.0.0.3
> back_ftp = 10.0.0.4
>
> I've used keepalived + ipvsadm here: ipvsadm now says:
>
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP VIP_of_FTP:ftp rr
> -> IP_OF_FTP_SERVER:ftp Masq 1 0 0
> -> IP_OF_BACKUP_SERVER:ftp Masq 1 0 1
>
> on my iptable rule i did:
>
> iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 21 -j DNAT
> --to-destination 10.0.0.4
>
> iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
>
>
> Now when i stop the ftp service on ftp_server, my internal/local users
> can still access the ftp since keepalived is redirecting the packet into
> backup_ftp server at port 21 but i can't understand if why users from
> outside our network cannot use ftp. What seems to be the problem on my
> setup? Is there anything missing on my config?
Have you inserted the ip_vs_ftp helper module into the kernel?
--
Horms
|
