How to NAT The FTP-DATA Connection?

[Joseph Mack NA3T]

On Tue, 26 Dec 2006, Robinson, Eric wrote:

>> Do you have the ip_vs_ftp module loaded?
>
> In fairness to Joe, he told me to load the ftp helper module in his very
> first message on Friday morning, but I questioned this because the HOWTO
> states in several places that the helper module is only required for
> *passive* ftp. Then Graeme read the source code and confirmed that the
> helper is in fact required for active FTP.
>
> Unfortunately, I thought the module was already loaded because
> ip_vs_ftp.ko showed up in the output of modprobe. That was a pure newbie
> mistake. I checked just now and lsmod did not show it. After loading it,
> things now work correctly!

this has been a long haul. The ftp_helper strikes again. I'm 
glad we've figured out what's going on.

> A couple of observations...
>
> 1. Joe, I gather from this that ip_vs_ftp does NOT necessarily load
> automatically when you run ipvsadm with ftp as a virtual service, as you
> indicated on Friday. Does that mean I should put it in rc.local?

I guess so, anywhere will do.

Horms,
 	Eric's setup didn't load ip_vs_ftp. Any ideas what 
might be going on?

> 2. It might be a good idea to amend the HOWTO. It seems the helper
> module is ALWAYS needed, not just for passive ftp.

glad we have that figured out. I couldn't imagine how ftp 
would work without it, but Wensong said it wasn't needed. I 
wondered if he'd written the ftp helper function for active 
ftp into ip_vs. I'll put it the next HOWTO (Jan 2007's is 
out already).

Thanks for straightening us out.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!