
Re: A problem about LVS/NAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: A problem about LVS/NAT
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Sat, 29 Nov 2003 12:16:03 +0100

Kai wrote:
> Hi list,
> I am using LVS/NAT on my network. I can visit the real server by using
> either port mode or passive mode.

Over the director, correct?

> For security reasons, SSL-based FTP was required. After adding SSL-based
> FTP auth to the real servers, client computers cannot connect to the
> real server by using passive mode. But in port mode it works well.

IIRC you need to load balance port 22 too.

> I think the problem is that the data which the FTP server sends to the
> client, including the server's passive port, is encrypted by SSL, so LVS
> doesn't know which port should be translated and opened. Is that correct?

AFAICR this isn't the issue. The client receives the PASV command and then translates the PORT into a local ssh tunnel forward. So I think you have to also load balance port 22 TCP.

> Is there any solution?

Definitely, although I'm not sure if my suggestion is good enough. After all there is always the port 0 feature :).

> Any advice would be appreciated.

A tcpdump of _one_ session attempt would be appreciated, both from the load balancer and the RS.

Thanks and best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
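
The mechanism Kai describes above, as an added sketch (not part of the original message and not LVS code): a NAT-side FTP helper can rewrite the passive-mode reply only while the control channel is cleartext. The addresses, the VIP and the function names are constructed for illustration.

```python
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    rb"227 [^\r\n]*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def is_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a TLS/SSLv3 record header."""
    # content type 20..23, protocol major version 3
    return len(payload) >= 5 and payload[0] in (20, 21, 22, 23) and payload[1] == 3

def nat_pasv_reply(payload: bytes, vip: str):
    """Rewrite the real-server address in a cleartext 227 reply to the VIP.

    Returns (new_payload, (real_server_ip, data_port)) when the reply is
    readable, or (payload, None) when nothing can be parsed, in which case
    the helper has no data port to translate or to expect.
    """
    m = PASV_RE.search(payload)
    if m is None:
        return payload, None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return payload, None
    rs_ip = ".".join(str(n) for n in nums[:4])
    data_port = nums[4] * 256 + nums[5]
    new_tuple = ",".join(vip.split(".") + [str(nums[4]), str(nums[5])]).encode()
    return payload[:m.start(1)] + new_tuple + payload[m.end(6):], (rs_ip, data_port)

# Constructed sample data (not captured traffic).
VIP = "192.0.2.10"
CLEAR = b"227 Entering Passive Mode (10,0,0,11,195,80)\r\n"
# Same reply after the control channel is encrypted: a TLS application-data
# record header followed by 48 bytes of opaque placeholder ciphertext.
ENCRYPTED = b"\x17\x03\x01\x00\x30" + bytes(range(0x80, 0xB0))

if __name__ == "__main__":
    for name, pkt in (("cleartext", CLEAR), ("encrypted", ENCRYPTED)):
        out, expect = nat_pasv_reply(pkt, VIP)
        print(name, "tls_record=%s" % is_tls_record(pkt), "expect=%s" % (expect,))
```

This is also why a tcpdump of the control connection, as requested above, shows the 227 line in the clear only before the session switches to SSL.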
