LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

RE: How to NAT The FTP-DATA Connection?

from [Robinson, Eric] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: How to NAT The FTP-DATA Connection?
From: "Robinson, Eric" <eric.robinson@xxxxxxxxxx>
Date: Tue, 26 Dec 2006 11:22:50 -0800 
>Hmmm.... no, I think there's a misunderstanding. For "us" 
>loadbalancer == director. I think Robin means the lvs
layer/subsystem/wherever, 
>as in "the director runs on the loadbalancer". Robin?

That is PRECISELY correct. Nice job of interpreting what I was trying to
say. I meant that when the FTP server initiates the FTP-DATA connection,
its packets are arriving at the inside interface of the load-balancer,
but they are seemingly being ignored by LVS (i.e, not being processed by
the "director" *software*) and are instead simply getting routed.

>Do you have the ip_vs_ftp module loaded?

In fairness to Joe, he told me to load the ftp helper module in his very
first message on Friday morning, but I questioned this because the HOWTO
states in several places that the helper module is only required for
*passive* ftp. Then Graeme read the source code and confirmed that the
helper is in fact required for active FTP.

Unfortunately, I thought the module was already loaded because
ip_vs_ftp.ko showed up in the output of modprobe. That was a pure newbie
mistake. I checked just now and lsmod did not show it. After loading it,
things now work correctly!

A couple of observations...

1. Joe, I gather from this that ip_vs_ftp does NOT necessarily load
automatically when you run ipvsadm with ftp as a virtual service, as you
indicated on Friday. Does that mean I should put it in rc.local?

2. It might be a good idea to amend the HOWTO. It seems the helper
module is ALWAYS needed, not just for passive ftp.

Many thanks to everyone who took time to think about this with me.

--Eric









Disclaimer - December 26, 2006 
This email and any files transmitted with it are confidential and intended 
solely for LinuxVirtualServer.org users mailing list.. If you are not the named 
addressee you should not disseminate, distribute, copy or alter this email. Any 
views or opinions presented in this email are solely those of the author and 
might not represent those of Physician Select Management (PSM) or Physician's 
Managed Care (PMC). Warning: Although the message sender has taken reasonable 
precautions to ensure no viruses are present in this email, neither PSM nor PMC 
can accept responsibility for any loss or damage arising from the use of this 
email or attachments.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  will be away 28 Dec - 30 Jan, Joseph Mack NA3T
Next by Date:  RE: How to NAT The FTP-DATA Connection?, Joseph Mack NA3T
Previous by Thread:  Re: How to NAT The FTP-DATA Connection?, Antonio Forster
Next by Thread:  RE: How to NAT The FTP-DATA Connection?, Joseph Mack NA3T
Indexes:  [Date] [Thread] [Top] [All Lists]