With some iptables rules you can use FTP active and passive mode via
haproxy.

The key is to assign unique passive port ranges to each backend then port
forward those ranges. You must be able to configure each FTP server daemon
with its own range.

You must also be able to configure your FTP daemon to masquerade as the load
balancer so that it sends the proper address for port commands etc. Most
FTP servers support the necessary options.

On May 8, 2015 10:20 AM, "Baptiste" <bed...@gmail.com> wrote:

> On Fri, May 8, 2015 at 4:02 PM, Shawn Heisey <hapr...@elyograg.org> wrote:
> > I have a load balancer setup with both haproxy and LVS-NAT.  The LVS-NAT
> > is giving us high availability for FTP.
> >
> > When I tried migrating everything from CentOS 5, where it all works, to
> > Ubuntu 14 (for the newer kernel and because I find debian-based systems
> > far easier to use), everything worked except passive FTP.
> >
> > Is there a viable solution for FTP through haproxy?  The machine has
> > public IP addresses on one side and private on the other, and is
> > configured with ip forwarding turned on, so the redundant pair acts as
> > the default gateway for the backend machines.  Everything is behind a
> > Cisco firewall, so I have disabled the ufw firewall that Ubuntu includes.
> >
> > Alternatively, if someone can help me make passive FTP work through
> > LVS-NAT like it does on CentOS, I am fine with that.  I've asked for
> > help on that here:
> >
> > http://askubuntu.com/questions/620853/lvs-nat-doesnt-work-with-passive-ftp-active-ftp-is-fine
> >
> > Thanks,
> > Shawn
> >
>
>
> Hi Shawn,
>
> Well, FTP can work in active mode only.
> To configure it, you must open port 21 and the active ports where your
> FTP server expects the user to get connected to.
>
> Baptiste
>
>
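The per-backend passive ranges and port forwards described at the top of this message, as an added example that is not part of the original thread: the script prints one iptables DNAT rule per backend and refuses overlapping ranges. The addresses and port ranges are constructed, the daemon settings assume vsftpd (`pasv_address`, `pasv_min_port`, `pasv_max_port`), and the control connection on port 21 is assumed to go through haproxy in TCP mode.

```shell
#!/bin/sh
# Constructed sample values: VIP is the load balancer's public address,
# each BACKENDS line is "backend_ip first_passive_port last_passive_port".
VIP="203.0.113.10"
BACKENDS="10.0.0.11 50000 50099
10.0.0.12 50100 50199"

# Print the daemon settings (as a comment) and the DNAT rule for each backend.
# Returns 1 without printing any rule if a range is malformed or overlaps
# another backend's range: a shared port could be forwarded to a server
# that never issued the PASV reply for it.
gen_pasv_rules() {
    vip=$1 seen="" out=""
    while read -r ip lo hi; do
        [ -n "$ip" ] || continue
        for n in "$lo" "$hi"; do
            case $n in ''|*[!0-9]*) echo "bad range for $ip" >&2; return 1;; esac
        done
        if [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "bad range for $ip: $lo-$hi" >&2; return 1
        fi
        for r in $seen; do
            slo=${r%:*} shi=${r#*:}
            if [ "$lo" -le "$shi" ] && [ "$slo" -le "$hi" ]; then
                echo "range $lo-$hi ($ip) overlaps $slo-$shi" >&2; return 1
            fi
        done
        seen="$seen $lo:$hi"
        # Forward the whole range to the one backend that advertises it;
        # DNAT without a port keeps the destination port unchanged.
        out="$out# $ip (vsftpd): pasv_address=$vip pasv_min_port=$lo pasv_max_port=$hi
iptables -t nat -A PREROUTING -d $vip -p tcp --dport $lo:$hi -j DNAT --to-destination $ip
"
    done <<EOF
$2
EOF
    printf '%s' "$out"
}

# Review the output before applying it; nothing is changed on the host here.
gen_pasv_rules "$VIP" "$BACKENDS"
```

The forwarded ranges also have to be allowed through any firewall in front of the load balancer, and return traffic must pass back through the load balancer so the NAT is reversed.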
