> > hey folks, 
 
 Hello Jason,
  
 > > export realip=(outside ip address of my server)
 > > ipvsadm -A -t $realip:21 -s wrr
 > > ipvsadm -a -t $realip:21 -r 10.1.6.11 -m       
 > > ipvsadm -a -t $realip:21 -r 10.1.6.12 -m       
 > > 
 > > 10.1.6.11=vsftp server 1
 > > 10.1.6.12=vsftp server 2
  
That setup reads as a plan for LVS-NAT ... but with incomplete LVS-NAT rules.
You need to cover ALL configured vsftpd server PORTS on the LVS balancer nodes 
- otherwise you'll never see a SYNC nor an ACK :)
  
With LVS-DR the vsftpd can give direct answers; on LVS-NAT you have to take 
care of the configured redirected ports very carefully.
  
You probably also need the ip_vs_ftp kernel modules.
  
  # lsmod | grep ftp
  ip_vs_ftp 6731 0
  nf_nat 16229 1 ip_vs_ftp
  ip_vs 157311 6 ip_vs_ftp,ip_vs_rr 
  
  
  So it should be, i.e.:
 >   
 > > > ipvsadm -A -t $realip:20-21 -s wrr
 > > > ipvsadm -a -t $realip:20-21 -r 10.1.6.11 -m       
 > > > ipvsadm -a -t $realip:20-21 -r 10.1.6.12 -m  
 > 
 > > > ipvsadm -A -t $realip:50000-60000 -s wrr
 > > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.11 -m       
 > > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.12 -m  
 > 
 
  
 If there are still issues, then install wireshark on the LVS; that will tell 
you exactly what has been happening in your LVS nodes' network traffic.
  
  
  For passive vsftpd you must configure like this: 
http://splatdot.com/running-vsftpd-behind-a-nat-firewall/
  and let the ports 20/21 + passive ftp ports traffic pass your lvs-nat setup.
  
  If you want passive sftpd you need as well some other standard ports for that, 
i.e. 115.
  
 > >    Check if INPUT firewall rules allow the passive data
 > > traffic. For example, such rules may help:
 > > 
 > > # Accept FTP DATA (related) and FTP CONTROL (established) traffic:
 > > iptables -A INPUT -p tcp -d $VIP -m state --state RELATED,ESTABLISHED -j ACCEPT
 > > # Accept FTP CONTROL:
 > > iptables -A INPUT -p tcp -d $VIP --dport 21 -m state --state NEW -j ACCEPT
  
  
  
  I would suggest using, i.e., keepalived to manage your LVS-NAT FTP port rules 
and the IP failover.
   ..take care of port & NAT routing as Junian suggested.
  - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Cluster_Administration/s1-lvs-ftp.html
  - http://keepalived.org/LVS-NAT-Keepalived-HOWTO.html
  
  
  Hope this helps.
  
  
--
Mit freundlichen Grüßen / Best Regards
  
 Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de - 1995 - 2015 
- 20 Jahre Linux/Unix Support.
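
Added example, not part of the original message or of the LVS project's code: a script that prints (without executing) director rules for passive FTP behind LVS-NAT. It uses a firewall mark with one persistent virtual service, which is a different technique from the per-port-range rules in the message above; `lvs_ftp_rules`, the mark value 21 and the VIP 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print, without executing, the rules for
# passive FTP behind LVS-NAT using one firewall mark and a persistent service.
# lvs_ftp_rules is a hypothetical helper name.
#
# Matching vsftpd.conf settings on each real server:
#   pasv_min_port=50000
#   pasv_max_port=60000
#   pasv_address=<VIP>

# usage: lvs_ftp_rules VIP MARK PASV_MIN PASV_MAX REALSERVER...
lvs_ftp_rules() {
    vip=$1; mark=$2; pmin=$3; pmax=$4
    [ "$#" -ge 5 ] || { echo "error: need VIP MARK MIN MAX and a real server" >&2; return 1; }
    shift 4

    for n in "$mark" "$pmin" "$pmax"; do
        case $n in
            ''|*[!0-9]*) echo "error: '$n' is not a number" >&2; return 1 ;;
        esac
    done
    if [ "$pmin" -lt 1024 ] || [ "$pmax" -gt 65535 ] || [ "$pmin" -gt "$pmax" ]; then
        echo "error: bad passive range $pmin-$pmax" >&2; return 1
    fi

    # Control (21) and passive data ports get the same mark on the director.
    for ports in 21 "$pmin:$pmax"; do
        echo "iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport $ports -j MARK --set-mark $mark"
    done

    # One virtual service keyed on the mark; -p (persistence) keeps a client's
    # data connection on the same real server as its control connection.
    echo "ipvsadm -A -f $mark -s wrr -p"
    for rs in "$@"; do
        echo "ipvsadm -a -f $mark -r $rs -m"
    done
}

# Constructed sample values: 192.0.2.10 is a documentation address standing in
# for the VIP; the real servers and passive range are the ones in the thread.
lvs_ftp_rules 192.0.2.10 21 50000 60000 10.1.6.11 10.1.6.12
```

Review the printed lines before running them on the director; the passive range must match `pasv_min_port`/`pasv_max_port` on every real server.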
  