NAT FTP Clients and Linux-2.6 on Load-Balancer

Roger Tsang roger.tsang at gmail.com
Wed Aug 31 03:19:27 BST 2005


Okay. What does tcpdump on the client side say? Look at where the packet was 
last seen.

Roger

On 8/30/05, Donald J Giuliano <guido at operations.ocs.ou.edu> wrote:
> 
> It seems as though it would have something to do with that, but why
> then does active FTP work with the load-balancers running 2.4.26?
> The FTP clients behind a NAT (i.e., our users) work fine with the
> load-balancers running 2.4.26, but not with the ones running
> 2.6.12. It's the same NAT on the client side either way.
> 
> --Don
> 
> On Tue, 2005-08-30 at 17:35 -0400, Roger Tsang wrote:
> > Your NAT firewall is blocking active FTP.
> >
> > Roger
> >
> >
> > On 8/30/05, Donald J Giuliano <guido at operations.ocs.ou.edu> wrote:
> > Actually, to clarify, it is only active FTP that fails on the
> > new
> > load-balancers. Passive FTP works fine. It should also be
> > noted that
> > active FTP has no trouble whatsoever on the current machines
> > running
> > 2.4.26 .
> >
> > --Don
> >
> > On Tue, 2005-08-30 at 17:30 +0000, Donald J Giuliano wrote:
> > > Hi,
> > >
> > > I'm currently working to migrate two linux-2.4/keepalived
> > IPVS
> > > load-balancers to new machine running linux-2.6 /keepalived.
> > > Everything works perfectly on the old setup, but on the new
> > machines
> > > the load-balanced FTP fails when the client is behind a NAT
> > > firewall. I'm running the Antefacto ipvs-nfct patch on both
> > the 2.4.26
> > > and 2.6.12 configuration so that the LBs can also function
> > as
> > > firewalls. I have made no changes to the iptables
> > configuration,
> > > other than removing some superfluous rules filtering
> > "unclean" packets,
> > > which aren't supported in 2.6 anyway. All the same IPVS
> > kernel modules
> > > are loaded on both machines. The keepalived configurations
> > are
> > > identical. Any idea what would cause this problem?
> > >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list -
> > lvs-users at LinuxVirtualServer.org
> > Send requests to lvs-users-request at LinuxVirtualServer.org
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> >
> 
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>


More information about the lvs-users mailing list