
Re: LVS breaking ip_nat_ftp (??)

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS breaking ip_nat_ftp (??)
Cc: Julian Anastasov <ja@xxxxxx>
From: "Antonio Forster" <aforster@xxxxxxxxx>
Date: Tue, 7 Nov 2006 11:29:22 -0200
Hi Joe,



On 11/7/06, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
On Tue, 7 Nov 2006, Antonio Forster wrote:


Julian,
        Is this a problem you recognise?

> Hello all,

Hi Antonio,

        Unfortunately ftp and LVS have had more than their
share of problems.

> The problem arrives when the outbound connection is FTP. For some
> strange reason, if more than one instance on that N:1 NAT is active,
> it breaks ip_nat_ftp and the PORT command in the ftp session goes with
> the real IP address of the instance, while if only one instance in
> that virtual server is active, ip_nat_ftp works fine. An example:

the first LVS-NAT ftp helper broke the regular NAT ftp
helper, then a later version was compatible. Maybe they're
incompatible again.

> Unfortunately we cannot use passive FTP due to security rules, so
> active must be used. But we tested passive ftp sessions, and it works
> ok though.
>
> For some reason, it seems that ip_nat_ftp's behavior is being changed
> by the LVS code, but I couldn't find why.

There are other problems with the LVS-NAT code at the moment

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#lvs_nat_problems

you can read about the LVS ftp helper here

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html#ftp

I expect you've found a bug. You're the first person in
forever to want to ftp in both directions. I don't expect
this bug is going to get much attention from anyone, I'm
sorry. Can you scp/sftp out from the director using files
nfs mounted from the realserver (terrible security problem I
know)?

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
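
The symptom reported in this thread (an active-mode PORT command leaving the NAT box still carrying the instance's real address) can be checked against a capture of the FTP control channel taken on the outside of the NAT. This is an added example, not code from the thread or from LVS; the function names are hypothetical and the addresses and sample lines are constructed.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 (four address octets, then port high/low byte)
PORT_RE = re.compile(r"^PORT\s+" + r",".join([r"(\d{1,3})"] * 6) + r"\s*$",
                     re.IGNORECASE)


def parse_port(line):
    """Return (IPv4Address, port) for a valid PORT command, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):          # each field is a single byte
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_port_rewrite(lines, nat_ip):
    """List PORT commands whose advertised address is not the NAT address.

    Each finding is (line_number, advertised_ip, port, is_private_address).
    """
    nat_ip = ipaddress.IPv4Address(nat_ip)
    findings = []
    for n, line in enumerate(lines, 1):
        parsed = parse_port(line)
        if parsed is None:
            continue                         # not a PORT command, or malformed
        ip, port = parsed
        if ip != nat_ip:
            findings.append((n, str(ip), port, ip.is_private))
    return findings


# Constructed control-channel lines as seen on the outside of the NAT.
# 192.0.2.10 stands in for the NAT address, 10.1.1.12 for an instance.
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",   # rewritten by the NAT helper as expected
    "LIST",
    "PORT 10,1,1,12,195,81",    # helper did not rewrite: real address leaked
    "PORT 10,1,1,12,999,1",     # malformed field, ignored
]

if __name__ == "__main__":
    for n, ip, port, private in check_port_rewrite(SAMPLE, "192.0.2.10"):
        print(f"line {n}: PORT advertises {ip}:{port} (private={private})")
```
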

