On Fri, 22 Dec 2006, Robinson, Eric wrote:
> > the RIPs then must be public IPs?
>
> No. The configuration looks basically as follows. This is a
> simplification. The real configuration has 2 corporate firewalls
> (active/passive cluster), 2 load-balancers (active/passive cluster), and
> 2 FTP servers. But I'm no good at creating ASCII network drawings.

OK so you're at home with your client PC and traversing a
bunch of stuff, to arrive at the VIP of the LVS. Can you
plunk your laptop (or whatever) down into the network of the
VIP for testing?

>    My PC (Client)
>          | *10.0.0.109
>          |
>          | *10.0.0.12
>    My Firewall
>          | *Public IP
>          |              ||
>          |              ||
>       Internet         || <- Tunnel
>          |              ||
>          |              ||
>          | *Public IP
>    Corporate Firewall
>          | *192.168.5.1
>          |
>          | *192.168.5.100 (VIP)
>    Load-balancer
>          | *192.168.10.100
>          |
>          | *192.168.10.62 (RIP)
>    FTP Server
>
> > if the client is connecting with the VIP, why is it accepting an
> > ftp-data connect request from the RIP?
>
> I admit that is a VERY good question.

Here you're showing me what doesn't work. You have something
that does work (the ftp-data from the RIP). Can you show me
how that works?

> All I can say is, it is happening.

This might be central to the problem.

> Attached is an Ethereal trace (ftp_nonat) captured on "My PC" when I
> initiated an FTP connection to the VIP of the load-balancer. The
> transaction starts on packet #3. In packet #23 you can see my GET
> command with the destination of the VIP. In the next packet, you see the
> RealServer open the FTP-DATA connection with a source address of
> 192.168.10.62.
>
> > then what happens to the packet?
>
> The load-balancer's internal interface (192.168.10.100) is the FTP
> server's default gateway.

OK
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
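Added example, not part of the thread or of LVS itself: a Python check that reads a tcpdump-style text trace and flags active-mode ftp-data SYNs whose source is not the VIP the client's control channel went to, which is the symptom described above (in LVS-NAT the director is expected to rewrite the real server's address on the data connection, so a RIP reaching the client means that rewrite did not happen). The sample lines are constructed to mirror the described capture, not the real ftp_nonat trace.

```python
import re
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags payload")

# tcpdump-style lines, constructed for this example to mirror the trace
# described in the mail: control channel to the VIP, then an ftp-data SYN
# arriving from the RIP. Not the real ftp_nonat capture.
SAMPLE_TRACE = """\
10.0.0.109.40211 > 192.168.5.100.21: Flags [S]
192.168.5.100.21 > 10.0.0.109.40211: Flags [S.]
10.0.0.109.40211 > 192.168.5.100.21: Flags [P.] PORT 10,0,0,109,157,45
192.168.10.62.20 > 10.0.0.109.40237: Flags [S]
"""

LINE_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\] ?(?P<payload>.*)")

def parse_trace(text):
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            pkts.append(Pkt(m["src"], int(m["sport"]), m["dst"],
                            int(m["dport"]), m["flags"], m["payload"].strip()))
    return pkts

def port_from_cmd(cmd):
    """Decode an active-mode PORT h1,h2,h3,h4,p1,p2 command to (ip, port)."""
    h = cmd.split(None, 1)[1].split(",")
    return ".".join(h[:4]), int(h[4]) * 256 + int(h[5])

def check_active_ftp_nat(pkts, client):
    """Return (vips, expected_data_port, leaked_sources).

    vips: addresses the client opened control (port 21) connections to.
    leaked_sources: sources of ftp-data SYNs to the client's announced data
    port that are not a VIP, i.e. the director did not rewrite the RIP.
    """
    vips = {p.dst for p in pkts if p.src == client and p.dport == 21 and p.flags == "S"}
    data_port = None
    leaked = []
    for p in pkts:
        if p.src == client and p.payload.startswith("PORT "):
            data_port = port_from_cmd(p.payload)[1]
        # Active mode: the server opens a bare SYN from port 20 toward the client.
        if p.sport == 20 and p.dst == client and p.flags == "S":
            if p.dport == data_port and p.src not in vips:
                leaked.append(p.src)
    return sorted(vips), data_port, leaked
```

Running `check_active_ftp_nat(parse_trace(SAMPLE_TRACE), "10.0.0.109")` on the constructed trace reports the VIP 192.168.5.100 for the control channel and 192.168.10.62 as the un-rewritten source of the data connection.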