TR: Connection tracking with lvs

Julian Anastasov ja at ssi.bg
Sun Aug 29 06:14:08 BST 2004


	Hello,

On Fri, 27 Aug 2004, Stéphane Klein wrote:

> > But , i've tried to use your example to setup active and passive FTP.
> > I can authenticate, but i can't list or send data. I can see packet
> > in the conntrack file that with dport=20, but the ftp server tried
> > to send a SYN_SENT and have no reply.
> >
> > ip_vs_ftp is loaded as module
> > ip_nat_ftp and ip_conntrack_ftp are in the kernel
> >
> > I used iptables rules of your example in the HOWTO.
> >
> > I saw this article where you said it's necessary to patch the
> > kernel to work
> > with ip_nat_ftp
> > (http://www.in-addr.de/pipermail/lvs-users/2004-June/011955.html)
> > That patch is for kernel 2.6.5. Is this patch included in
> > your nfct patch or is
> > it necessary to apply this patch?

	Yes, it is needed if you are loading ip_nat_ftp. I didn't
received any replies from the netfilter coreteam about this patch,
so I just linked it to the web site: ip_nat_ftp-2.6.5-1.diff

Regards

--
Julian Anastasov <ja at ssi.bg>


More information about the lvs-users mailing list