On Tue, 22 Nov 2005, Ranga Nathan wrote:
> Doesn't FTP use port 20 for data transfer? I am not sure if it is
> active or passive that does it. Looks like port 20 traffic may be going
> to the load balancers.
Traditionally, with active FTP the server initiates the data connection
from port 20 to the client on port >1023. But I believe at least one
(vsftpd) can also be configured to initiate this connection from a high
port number. With passive ftp port 20 is never used.
> You may want to add port 20 to your configuration.
How? I don't think so. The connection is initiated from the realserver...
what is there to balance?
> You should not have this problem if you use firewall marks and drop
> port-based balancing. Of course this will open up traffic for all ports
> on the real servers :-)
That would work only (I think) if I had only one real server.
The second connection needs to be SNATed properly and 'reply' packets from
the client need to be balanced to the same realserver as the initial
control connection, which is (if I understand correctly) what the
ip_vs_ftp module should handle.
Hmmm... maybe.... Does 'masquerade' interoperate with ip_vs? Or should I
use SNAT on the loadbalancer?? I'll give it a go tomorrow but if anyone
knows the answer please let me know.
Rgds,
Mark.
>
> Mark de Vries wrote:
>
> >Hi,
> >
> >I have a little setup where I balance multiple FTP services behind a pair of
> >ip_vs loadbalancers. Each box has its own public IP and there are 6 or so
> >VIPs/aliases that are on whichever box is the active balancer. FTP
> >services are balanced to two hosts with lvs-NAT.
> >
> >Now I've noticed that active FTP is broken. On the client side I can see
> >that the ftp-data connection is coming from the IP of the loadbalancer
> >instead of the VIP I made the initial connection to.
> >
> >I have:
> >
> >Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> >TCP IP1:80 wlc persistent 1800
> > -> 10.31.67.203:80 Masq 10 0 0
> > -> 10.31.67.202:80 Masq 10 0 0
> >TCP IP2:80 wlc
> > -> 10.31.67.207:8587 Masq 10 3 8
> > -> 10.31.67.207:8586 Masq 10 1 12
> > -> 10.31.67.207:8585 Masq 10 2 10
> >TCP IP3:21 wlc
> > -> 10.31.67.203:21 Masq 10 15 62
> > -> 10.31.67.202:21 Masq 10 16 53
> >TCP IP4:21 wlc persistent 1800
> > -> 10.31.67.209:21 Masq 10 0 0
> > -> 10.31.67.208:21 Masq 10 0 0
> >TCP IP5:21 wlc persistent 1800
> > -> 10.31.67.206:21 Masq 10 0 0
> > -> 10.31.67.205:21 Masq 10 0 0
> >
> >When I connect to IP3:ftp everything works fine until I initiate a data
> >transfer. On the client I see an incoming connection from IP0 (the
> >primary IP of the balancer which has no virtual services) which is refused
> >by the client because it comes from the wrong IP.
> >
> >Passive ftp works fine.
> >
> >The kernel version is 2.6.12.6. The ip_vs_ftp module is loaded (and also
> >tried with and without ip_conntrack_ftp)... And I don't know where to look
> >for the problem.
> >
> >Any help welcome! :)
> >
> >Regards,
> >Mark
> >
> >_______________________________________________
> >LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> >Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> >or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> >
Regards,
Mark
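
The client-side behaviour reported in the thread (an active-mode data connection refused because it arrives from the balancer's primary IP instead of the VIP), as an added Python example that is not part of the original messages. The addresses are constructed documentation-range values standing in for IP0 and IP3, and the function names are hypothetical.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the argument of an FTP PORT command (RFC 959): h1,h2,h3,h4,p1,p2."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT takes six comma-separated fields")
    nums = []
    for f in fields:
        if not (f.isascii() and f.isdigit()) or int(f) > 255:
            raise ValueError("bad PORT field: %r" % f)
        nums.append(int(f))
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def data_source_ok(control_peer, data_peer):
    """Client-side rule: the data connection must come from the control peer's address.

    The source port is deliberately not checked: 20 is traditional for active
    FTP, but a server may be configured to use a high port instead.
    """
    return ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_peer)

def describe_source(data_peer, named_addrs):
    """Name the address a data connection came from, given a dict of label -> address."""
    peer = ipaddress.ip_address(data_peer)
    for label, addr in named_addrs.items():
        if ipaddress.ip_address(addr) == peer:
            return label
    return "unknown"

# Constructed addresses (documentation ranges), standing in for the thread's IP3 and IP0.
ADDRS = {"VIP (IP3)": "203.0.113.10", "director primary (IP0)": "203.0.113.1"}

if __name__ == "__main__":
    listen = parse_port_arg("198,51,100,7,195,80")  # constructed client PORT argument
    print("client listens on %s:%d" % listen)
    for src in ADDRS.values():
        verdict = "accept" if data_source_ok(ADDRS["VIP (IP3)"], src) else "refuse"
        print("data connection from %s (%s): %s" % (src, describe_source(src, ADDRS), verdict))
```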