On Thu, Feb 19, 2004 at 09:11:25PM +0900, Kai wrote:
> Hi list,
> I am using LVS/NAT on my network. I can ftp to the real servers by using
> either PORT mode or PASSIVE mode. For security reasons, SSL based ftp was
> required. After adding SSL based ftp auth to the real servers, client
> computers can not connect to the real server by using PASSIVE mode. But in
> PORT mode it works well.
> I think the problem is that the data which the ftp server sends to the
> client, including the server's passive port, was encrypted by SSL. So the
> LVS doesn't know which port should be translated and opened. Is that correct?
Yes, that sounds likely. Try tracing the traffic using something like
ngrep.
> Does LVS support the SSL based FTP?
> If not, is there any resolution?
> Any advice would be appreciated.
If your guess is correct, then no. Well, not unless
you get the linux director to handle the ssl and just
talk plain-text to the real-servers, but then
that isn't LVS.
--
Horms
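
Added example, not part of the original thread and not LVS code: a simplified Python model of what a NAT FTP helper must do with the server's PASV reply, and why it finds nothing to translate once the control channel is encrypted. The addresses, the `seal` stand-in for the TLS record layer, and all function names are constructed for illustration.

```python
import hashlib
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    rb"227 [^\r\n]*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def rewrite_pasv(payload: bytes, vip: str):
    """Model of a NAT FTP helper. Returns (rewritten_payload, real_ip, port),
    or None when no readable 227 reply is present in the payload."""
    m = PASV_RE.search(payload)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid address/port tuple
    real_ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port the director must open and map
    new_tuple = ",".join(vip.split(".") + [str(nums[4]), str(nums[5])]).encode()
    # Replace only the six numbers; the rest of the reply is kept as sent.
    rewritten = payload[:m.start(1)] + new_tuple + payload[m.end(6):]
    return rewritten, real_ip, port

def seal(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for the TLS record layer (NOT real TLS): XOR with a
    hash-derived keystream behind an application-data record header."""
    stream, counter = b"", 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return b"\x17\x03\x01" + len(body).to_bytes(2, "big") + body

# Constructed sample data: real server 192.168.10.5, virtual IP 203.0.113.10.
VIP = "203.0.113.10"
PLAIN_REPLY = b"227 Entering Passive Mode (192,168,10,5,195,80)\r\n"
SEALED_REPLY = seal(PLAIN_REPLY, b"constructed-session-key")

if __name__ == "__main__":
    print("plain :", rewrite_pasv(PLAIN_REPLY, VIP))
    print("sealed:", rewrite_pasv(SEALED_REPLY, VIP))
```

In PORT mode the client opens the listening socket and the server connects out to it, so that case does not depend on the director reading the server's reply.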