[lvs-users] FTP data port connection not closing?

Owain Jones Owain at 4ColourDigital.com
Tue Aug 29 14:47:37 BST 2017


Okay, now we're getting somewhere interesting.

Looking at the pure-ftpd verbose log, it shows a connection from 
192.168.0.1 (the router). Then 192.168.0.1 logs in - so it's 
user@192.168.0.1 - and it issues a few commands - "opts", "pbsz", 
"prot", "pwd" - then it says:

(?@192.168.0.100) New connection from 192.168.0.100
(?@192.168.0.100) Logout

And it has this a few times in a row.

The thing is, 192.168.0.100 is the DIP. 192.168.0.99 is the VIP. 
192.168.0.1 is the router IP (which is NAT'ing for the client, so 
effectively the CIP).

What seems to be happening is that it's correctly connecting to the FTP 
server initially, but then it's wrongly connecting as the director with 
the DIP half-way through.

This is probably, based on when it's happening, when the client is 
making a connection to the passive port range. But, the thing is, for 
that to even be reaching the FTP server, the firewall marks must be 
working, as that's what LVS is using to redirect to the FTP server.

But it hasn't got the correct IP address.

Why's this happening? And how would I fix it?


