On Tue, 7 Nov 2006, Antonio Forster wrote:
Julian,
Is this a problem you recognise?

> Hello all,

Hi Antonio,

Unfortunately ftp and LVS have had more than their
share of problems.

> The problem arrives when the outbound connection is FTP. For some
> strange reason, if more than one instance on that N:1 NAT is active,
> it breaks ip_nat_ftp and the PORT command in the ftp session goes with
> the real IP address of the instance, while if only one instance in
> that virtual server is active, ip_nat_ftp works fine. An example:

the first LVS-NAT ftp helper broke the regular NAT ftp
helper, then a later version was compatible. Maybe they're
incompatible again.

> Unfortunately we cannot use passive FTP due to security rules, so
> active must be used. But we tested passive ftp sessions, and it works
> ok though.
> For some reason, it seems that ip_nat_ftp's behavior is being changed
> by the LVS code, but I couldn't find why.

There are other problems with the LVS-NAT code at the moment
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#lvs_nat_problems
you can read about the LVS ftp helper here
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html#ftp
I expect you've found a bug. You're the first person in
forever to want to ftp in both directions. I don't expect
this bug is going to get much attention from anyone, I'm
sorry. Can you scp/sftp out from the director using files
nfs mounted from the realserver (terrible security problem I
know)?
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
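
An added example, not part of the original thread and not code from LVS or netfilter: a check for the symptom described above, where the PORT command leaves with the real IP address of the instance instead of the NAT address. It scans FTP control-channel lines captured on the outside of the NAT box; the function names, the addresses and the sample lines are all constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, then two port octets.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (IPv4Address, port) for a PORT command line, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None  # malformed octet, not a valid PORT argument
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def find_unrewritten_ports(lines, expected_nat_ip):
    """List (line_no, address, port) for PORT commands seen after NAT that
    advertise anything other than the expected NAT address."""
    expected = ipaddress.IPv4Address(expected_nat_ip)
    leaks = []
    for no, line in enumerate(lines, 1):
        parsed = parse_port(line)
        if parsed and parsed[0] != expected:
            leaks.append((no, str(parsed[0]), parsed[1]))
    return leaks


# Constructed sample: client-to-server control lines as seen outside the NAT box.
# 192.0.2.10 stands for the NAT address, 10.0.0.x for the instances behind it.
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",   # rewritten by the NAT ftp helper
    "LIST",
    "PORT 10,0,0,12,195,81",    # real address passed through unrewritten
    "RETR file.bin",
    "port 10,0,0,13,4,1",       # command verbs are case-insensitive
]

if __name__ == "__main__":
    for no, addr, port in find_unrewritten_ports(SAMPLE, "192.0.2.10"):
        print(f"line {no}: PORT advertises {addr}:{port}, expected 192.0.2.10")
```

Running the same check with one instance active and then with several shows whether the helper stops rewriting only in the multi-instance case.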