I can't change the clients. My "Main" firewall is not NATing traffic
to the LVS box; the only NAT is in the LVS box.
To be more clear, I don't have any problems with the FTP traffic; my
HTTPS traffic is problematic.
Sessions disconnect and time out. In those moments I'm seeing my
firewall dropping the reply packets from the "hidden" web servers.
Since they use private IPs, the LVS should automatically NAT the reply
packets to the client.
Since HTTPS is persistent, and loading ip_vs_ftp is (according to
the HOWTO) problematic with persistent connections, I think it's this
FTP bug.
Can I NAT FTP traffic on the LVS for one of the web servers with
iptables and still load balance HTTP+HTTPS traffic?
T.I.A
Tomer Okavi.
On 11/1/05, Peter J Milanese <PMilanese@xxxxxxxx> wrote:
> Did you try using passive ftp on your clients? You have a lot of natting
> going on and ftp is notorious for problems with this. Can you do a one to one
> nat on any of the firewalls?
>
> P
>
>
> ----- Original Message -----
> From: lvs-users-bounces
> Sent: 11/01/2005 06:24 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: FTP Bug Maybe?
>
> Hey guys
>
> First a very small "success story".
> I've been using LVS/NAT for 4 months or so to load balance 2 IIS6 servers.
> It's doing 5 Mbit traffic, mainly HTTPS.
> I'm using Fedora Core 4 and Ultramonkey; it's a single director setup.
>
> Now for the problem :)
> Most of the traffic is HTTPS (persistent).
> I've noticed that the firewall in front of the LVS box is dropping
> packets originating from the IIS servers behind the LVS. Since the LVS
> is NAT'ing the web server, this is weird.
>
> Googled a little bit and noticed that in the LVS-HOWTO they mention an
> FTP bug
> (http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#LVS-NAT_ftp_bug)
>
> Since my setup is LVS/NAT and I also mapped FTP to one of the servers
> (without load balancing), I had to load ip_vs_ftp and ip_nat_ftp.
> So it looks like it's the FTP bug.
>
> To solve this I'm planning to reinstall the box with a custom kernel
> with the patches suggested in the article applied.
>
> Does anyone know if there's a distro with those patches already applied?
> Could it be something else causing the problem?
>
>
> Thanks
>
> Tomer Okavi.
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users