|
Kai wrote:
Hi list,
I am using LVS/NAT on my network.I can via real server by using either port
mode or passive mode.
Over the director, correct?
For security reason, ssl based ftp was required .After
added ssl based ftp auth to real servers,client computers can not connect to
real server by using passive mode.But in port mode it works well.
IIRC you need to load balance port 22 too.
I think the problem is ,data which ftp server send to client include the
server's passive port was crypted by ssl.so the LVS don't know which port
should be translate and open .Does it correct ?
AFAICR this isn't the issue. The client receives the PASV command and
then translates the PORT into a local ssh tunnel forward. So I think you
have to also load balance port 22 TCP.
Is there any resolvent?
Definitely, although I'm not sure if my suggestion is good enough. After
all there is always the port 0 feature :).
Any advise would be appreciated.
A tcpdump of _one_ session attempt would be appreciated, both from the
load balancer and the RS.
Thanks and best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
| 