[lvs-users] FTP problem

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] FTP problem
From: Keith Edmunds <kae@xxxxxxxxxxxxxxx>
Date: Fri, 20 Feb 2009 16:35:19 +0000

I have a problem with FTP via a director server to a real server. I
realise I'm not the first, but I've Googled and read old mails from this
list to no avail.

Setup: two director servers giving access to two real servers. The
director servers pass FTP (and HTTP) connections as 'masq' to one or other
of the real servers. HTTP works without problem. For the purposes of
testing, one director and one real server have been disabled.

Problem: FTP access from the outside world ("office") to the VIP on the
director results in an FTP login prompt from the real server. The login is
successful. Issue an 'ls' command from the FTP client and the connection

Analysis: a tcpdump from the director server shows the 'ls' command (as
"LIST") from the office IP to the director, and again from the director
to the real server (masqueraded, as expected). Next an ftp-data (port 20)
SYN is made from the real server to the director, and then from the
director to the office IP, again as expected. Finally, the office IP
responds with a SYN,ACK which is received by the director but never passed
on to the real server. The pattern then repeats, as expected, with the
real server sending SYNs and the office IP responding with SYN,ACKs but
the director server never passes the SYN,ACK to the real server.

On the director server:

# lsmod|grep ftp|awk '{print $1}'

I'm at a loss to understand why the director isn't passing the SYN,ACK
back to the real server.
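
The capture comparison described in the analysis above, as an added example that is not part of the original message: it takes `tcpdump -nn` output from the director's outside and inside interfaces and lists packets addressed to the VIP that never appear rewritten towards the real server. The addresses, ports, capture lines and the function names are constructed for illustration, and it assumes masquerading rewrites only the address, not the port.

```python
import re
from collections import Counter

# Matches `tcpdump -nn` TCP lines: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<f>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
# Constructed addresses (not from the post): VIP, real server, office client.
VIP, RIP, OFFICE = "192.0.2.10", "10.0.0.2", "198.51.100.7"
# Constructed capture on the director's outside interface.
OUTSIDE = [
    f"16:30:01.10 IP {OFFICE}.40000 > {VIP}.21: Flags [P.], seq 1:7, ack 1, length 6: FTP: LIST",
    f"16:30:01.12 IP {VIP}.20 > {OFFICE}.40001: Flags [S], seq 100, length 0",
    f"16:30:01.15 IP {OFFICE}.40001 > {VIP}.20: Flags [S.], seq 900, ack 101, length 0",
    f"16:30:04.12 IP {VIP}.20 > {OFFICE}.40001: Flags [S], seq 100, length 0",
    f"16:30:04.15 IP {OFFICE}.40001 > {VIP}.20: Flags [S.], seq 900, ack 101, length 0",
]
# Constructed capture on the director's inside interface (towards the real server).
INSIDE = [
    f"16:30:01.11 IP {OFFICE}.40000 > {RIP}.21: Flags [P.], seq 1:7, ack 1, length 6: FTP: LIST",
    f"16:30:01.12 IP {RIP}.20 > {OFFICE}.40001: Flags [S], seq 100, length 0",
    f"16:30:04.12 IP {RIP}.20 > {OFFICE}.40001: Flags [S], seq 100, length 0",
]

def parse(lines):
    """Yield (src, sport, dst, dport, flags) for every line that matches LINE."""
    for line in lines:
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            yield src, int(sport), dst, int(dport), flags

def unforwarded(outside, inside, vip, rip):
    """Return packets sent to the VIP on the outside capture that have no
    counterpart sent to the real server on the inside capture."""
    seen_inside = Counter(p for p in parse(inside) if p[2] == rip)
    missing = []
    for src, sport, dst, dport, flags in parse(outside):
        if dst != vip:
            continue  # only traffic arriving for the virtual service
        key = (src, sport, rip, dport, flags)  # destination rewritten VIP -> RIP
        if seen_inside[key] > 0:
            seen_inside[key] -= 1  # matched; consume so retransmits count separately
        else:
            missing.append((src, sport, dport, flags))
    return missing

if __name__ == "__main__":
    for pkt in unforwarded(OUTSIDE, INSIDE, VIP, RIP):
        print("not forwarded:", pkt)
```

On the constructed data it reports the two SYN,ACKs to port 20 and not the LIST packet on port 21, which is the pattern the message describes.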


