Hi, I use proftpd, but i guess there are some similar things. I has also the same ipvs setup and has also only active ftp working...
Perhaps, to make work the passive mode, we should add a permanent listener on passive ports on the centos box, with something like ipvsadm -A -t $realip:50000-60000 -s wrr ipvsadm -a -t $realip:50000-60000 -r 10.1.6.11 -m ipvsadm -a -t $realip:50000-60000 -r 10.1.6.12 -m firewall-cmd --zone=public --add-port=50000-60000/udp --permanent First, it is not working (multiple ports are not allowed) but i also prefer, for security reasons to have not so many ports opened on my server. In active mode, the ip_vs_ftp do all the job via conntrack : conntrack -L | grep dport=21 In this case, the only needed setup to make it work is to allow FTP traffic : firewall-cmd --zone=public --add-port=21/udp --permanent and setup via ipvsadm the loadbalancing. So, do you really need the ftp passive mode ? -- Ivan _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users