TR: Connection tracking with lvs
ja at ssi.bg
Sun Aug 29 06:14:08 BST 2004
On Fri, 27 Aug 2004, Stéphane Klein wrote:
> > But , i've tried to use your example to setup active and passive FTP.
> > I can authenticate, but i can't list or send data. I can see packet
> > in the conntrack file that with dport=20, but the ftp server tried
> > to send a SYN_SENT and have no reply.
> > ip_vs_ftp is loaded as module
> > ip_nat_ftp and ip_conntrack_ftp are in the kernel
> > I used iptables rules of your example in the HOWTO.
> > I saw this article where you said it's necessary to patch the
> > kernel to work
> > with ip_nat_ftp
> > (http://www.in-addr.de/pipermail/lvs-users/2004-June/011955.html)
> > That patch is for kernel 2.6.5. Is this patch included in
> > your nfct patch or is
> > it necessary to apply this patch?
Yes, it is needed if you are loading ip_nat_ftp. I didn't
received any replies from the netfilter coreteam about this patch,
so I just linked it to the web site: ip_nat_ftp-2.6.5-1.diff
Julian Anastasov <ja at ssi.bg>
More information about the lvs-users