
RE: How to NAT The FTP-DATA Connection?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: How to NAT The FTP-DATA Connection?
From: "Robinson, Eric" <eric.robinson@xxxxxxxxxx>
Date: Sat, 23 Dec 2006 12:08:13 -0800
Joe said:
>Can you plunk your laptop (or whatever) down into the 
>network of the VIP for testing?

Unfortunately, I cannot take the tunnel out of the equation for a couple
of reasons. The whole infrastructure is 500 miles from me. (I'm in
Carson City, NV. The servers are in a Las Vegas colo). But even if I
could remove the tunnel for diagnostic purposes, the users that access
the system all do so over site-to-site tunnels, the same as it shows in
my ASCII drawing, so it eventually has to work that way. I know this
complicates the diagnostic process. :-(

Joe said:
>Here you're showing me what doesn't work. You have something that does 
>work (the ftp-data from the RIP). Can you show me how that works?

The best I can do is show you both sides of the conversation...

Here's a link to the Ethereal trace captured on "My PC," which would
look the same for my production clients.
www.pmcipa.com/downloads/ethereal_ftp_nonat.trace

And here's a link to a tcpdump taken on the server showing the other end
of the same conversation. 
www.pmcipa.com/downloads/tcpdump_ftp_nonat.txt

 
Graeme said:
>Do your machine and the "corporate" networks have routes 
>to each other? If they do, then that would explain why you're 
>seeing what you're seeing - the route will override the LVS 
>and spit the packets back at you unaltered.

Referring back to the ASCII drawing I posted earlier, "My PC" only has a
default route that points to 10.0.0.3, the inside interface of the
client's firewall. On the corporate side, the FTP server only has a
default route that points to 192.168.10.100, the inside interface of the
load-balancer.

Mark said:
>Apparently - I've noticed - ftp-clients don't care where the 
>connection originates from.

I agree. Nothing else seems to explain this behavior. Should be easy
enough to test that theory. Today, though, it's time for last-minute
Christmas shopping with my 6-year-old. :-)

--Eric

