Hi,
Maybe this is not what you'd like to hear, but I just have FTP directly
on the master server, which also has an Internet IP, and then distribute
the files to the other servers through Unison.
Since I guess you're using one machine as your fileserver, and not using
a realtime distributed file system, your clients will need to wait for
the files to get replicated to the other servers anyway.
In my situation, just add an extra DNS record named dev to each domain
which points directly to the primary server's IP. This way any client who
uploads a file or changes a file can view his changes online as if the
cluster isn't even there (for the dev. domain it isn't).
greets
Jan
Jonathan Tullett wrote:
Hello,
I've recently (last night) migrated our company hosting site from
single publicly accessible servers onto a load balanced topology using
LVS and keepalived.
95% of the migration went smoothly; no problems at all, however
there's one service that's still failing: FTP.
I've spent all morning looking for a solution to this but I've not
found anything that's worked with active, nor passive, FTP.
Here's what I've got set up at the moment:
Real server: 10.1.0.20 (default GW 10.1.0.10)
Director: 10.1.0.10 (internal), 217.154.117.50 (floating external)
I've got the following modules loaded on the director:
----------------------------------------------
Module                  Size  Used by    Not tainted
ipt_MASQUERADE          1464   0 (autoclean)
ipt_MARK                 760   0 (autoclean)
iptable_mangle          2136   0 (autoclean)
ip_vs_wlc                612  29 (autoclean)
ip_vs                  51624  30 (autoclean) [ip_vs_wlc]
iptable_nat            17934   1 (autoclean) [ipt_MASQUERADE]
ipt_state                536   3 (autoclean)
ip_conntrack           19972   0 (autoclean) [ipt_MASQUERADE iptable_nat ipt_state]
iptable_filter          1740   1 (autoclean)
ip_tables              12416   8 [ipt_MASQUERADE ipt_MARK iptable_mangle iptable_nat ipt_state iptable_filter]
tg3                    63436   2
rtc                     6440   0 (autoclean)
----------------------------------------------
The part of my keepalived.conf that's relevant:
----------------------------------------------
virtual_server fwmark 1 {
    delay_loop 6
    ! which lb technique?
    lb_algo wlc
    ! we are doing NAT
    lb_kind NAT
    protocol TCP
    persistence_timeout 600
    real_server 10.1.0.20 21 {
        weight 1
    }
}
----------------------------------------------
And I have the following IPTABLES rules in place:
----------------------------------------------
/sbin/iptables -t mangle -A PREROUTING -p tcp -d 217.154.117.50/32 \
    --dport 21 -j MARK --set-mark 1
/sbin/iptables -t mangle -A PREROUTING -p tcp -d 217.154.117.50/32 \
    --dport 1024: -j MARK --set-mark 1
----------------------------------------------
If I connect from work (natted) with active-ftp I get:
----------------------------------------------
publicserver:~# ftp bluebarracuda.com
Connected to bluebarracuda.com.
220 ProFTPD 1.2.10 Server (gingerman) [10.1.0.20]
Name (bluebarracuda.com:root): testftp
331 Password required for testftp.
Password:
230 User testftp logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
425 Unable to build data connection: Connection timed out
----------------------------------------------
And with passive-ftp I get:
----------------------------------------------
publicserver:~# ftp bluebarracuda.com
Connected to bluebarracuda.com.
220 ProFTPD 1.2.10 Server (gingerman) [10.1.0.20]
Name (bluebarracuda.com:root): testftp
331 Password required for testftp.
Password:
230 User testftp logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (10,1,0,20,200,52).
ftp: connect: Connection timed out
----------------------------------------------
What's bizarre though is that if I connect from home (I'm using a
Cisco SOHO router which probably has some magic in it) using active
FTP, it works.
I've read that the module 'ip_vs_ftp' needs to be inserted into the
kernel, however when I do that, FTP fails for everything (including
behind my Cisco).
I've no idea if it's relevant, but I'm running ProFTPd (as you can see
from the above transcript).
I don't care which FTP I get working, active or passive, but I need to
get one of them working, and get it working all the time (we've
clients that FTP to us) - it's an almost critical service for us.
If anyone has any ideas as to what to try/do next, I would love to
hear them, it's starting to drive me a little nuts :)
Many thanks in advance for any help that can be provided.
Jonathan.
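
Added example, not part of either message: a small Python check that decodes the data endpoint carried in a 227 reply (or a PORT command) and compares it with the address the client dialled, run on the passive-mode reply and the floating external IP quoted in the thread. The function names are illustrative; the h1,h2,h3,h4,p1,p2 encoding is from RFC 959.

```python
import ipaddress
import re

# RFC 959 encodes the data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
ENDPOINT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_endpoint(line):
    """Return (ip, port) from a 227 reply or a PORT command line."""
    m = ENDPOINT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, control_ip, marked_from=1024):
    """Compare the advertised data endpoint with the address the client dialled."""
    ip, port = decode_endpoint(reply)
    findings = []
    if ip != ipaddress.IPv4Address(control_ip):
        findings.append("advertised %s differs from control address %s"
                        % (ip, control_ip))
    if ip.is_private:
        findings.append("%s is a private address, not routable from the Internet" % ip)
    if port < marked_from:
        # Mirrors the second mangle rule in the thread (--dport 1024:).
        findings.append("port %d is below the marked range %d:" % (port, marked_from))
    return ip, port, findings


if __name__ == "__main__":
    # Reply and floating external IP copied from the thread above.
    reply = "227 Entering Passive Mode (10,1,0,20,200,52)."
    ip, port, findings = check_pasv(reply, "217.154.117.50")
    print("client will open its data connection to %s:%d" % (ip, port))
    for finding in findings:
        print("  - " + finding)
```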