How to NAT The FTP-DATA Connection?

Graeme Fowler graeme at graemef.net
Sat Dec 23 09:12:36 GMT 2006


On Fri, 2006-12-22 at 22:44 -0800, Robinson, Eric wrote:
> No. The configuration looks basically as follows. This is a
> simplification. The real configuration has 2 corporate firewalls
> (active/passive cluster), 2 load-balancers (active/passive cluster), and
> 2 FTP servers. But I'm no good at creating ASCII network drawings.
<snip>
> Attached is an Ethereal trace (ftp_nonat) captured on "My PC" when I
> initiated an FTP connection to the VIP of the load-balancer. The
> transaction starts on packet #3. In packet #23 you can see my GET
> command with the destination of the VIP. In the next packet, you see the
> RealServer open the FTP-DATA connection with a source address of
> 192.168.10.62.
> 
> The load-balancer's internal interface (192.168.10.100) is the FTP
> server's default gateway.

Do your machine and the "corporate" networks have routes to each other?
If they do, then that would explain why you're seeing what you're seeing
- the route will override the LVS and spit the packets back at you
unaltered.

Can you drop the tunnel and use real, internet-facing IPs for your
session instead?

Graeme

