ok thanks, I'll try that out.

Jason

On Sun, Jun 28, 2015 at 12:35:49PM +0200, horst.ven...@remsnet.de, Horst Venzke, Remsnet Consulting und Internet Services LTD, Niederlassung Deutschland wrote:
> > > hey folks,
>
> Hello Jason,
>
> > > export realip=(outside ip address of my server)
> > > ipvsadm -A -t $realip:21 -s wrr
> > > ipvsadm -a -t $realip:21 -r 10.1.6.11 -m
> > > ipvsadm -a -t $realip:21 -r 10.1.6.12 -m
> > >
> > > 10.1.6.11=vsftp server 1
> > > 10.1.6.12=vsftp server 2
>
> That setup reads as a plan for LVS-NAT ... but with incomplete LVS-NAT
> rules.
> You need to cover ALL configured vsftpd server PORTS on the LVS balancer
> nodes - otherwise you'll never see an SYNC nor an ACK :)
>
> With LVS-DR the vsftpd can give direct answers; on LVS-NAT you have to
> take care of the configured redirected ports very carefully.
>
> You probably also need the ip_vs_ftp kernel modules.
>
> # lsmod | grep ftp
> ip_vs_ftp 6731 0
> nf_nat 16229 1 ip_vs_ftp
> ip_vs 157311 6 ip_vs_ftp,ip_vs_rr
>
> So it should be, i.e.:
>
> > > > ipvsadm -A -t $realip:20-21 -s wrr
> > > > ipvsadm -a -t $realip:20-21 -r 10.1.6.11 -m
> > > > ipvsadm -a -t $realip:20-21 -r 10.1.6.12 -m
> > > >
> > > > ipvsadm -A -t $realip:50000-60000 -s wrr
> > > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.11 -m
> > > > ipvsadm -a -t $realip:50000-60000 -r 10.1.6.12 -m
>
> If there are still issues, then install wireshark on the LVS; that will
> tell you exactly what has been happening in your LVS nodes' network traffic.
>
> For passive vsftpd you must configure it like this:
> http://splatdot.com/running-vsftpd-behind-a-nat-firewall/
> and let the ports 20/21 + passive FTP ports traffic pass your LVS-NAT
> setup.
>
> If you want passive sftpd you also need some other standard ports for that,
> i.e. 115.
>
> > Check if INPUT firewall rules allow the passive data
> > traffic. For example, such rules may help:
> > >
> > > # Accept FTP DATA (related) and FTP CONTROL (established) traffic:
> > > iptables -A INPUT -p tcp -d $VIP -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > # Accept FTP CONTROL:
> > > iptables -A INPUT -p tcp -d $VIP --dport 21 -m state --state NEW -j ACCEPT
>
> I would suggest using, i.e., keepalived to manage your LVS-NAT FTP port rules
> and the IP failover.
> Take care of port & NAT routing!!
> - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Cluster_Administration/s1-lvs-ftp.html
> - http://keepalived.org/LVS-NAT-Keepalived-HOWTO.html
>
> Keepalived can also handle the required virtual gateway IP on the private
> network well.
>
> Hope this helps.
>
> --
> Best Regards
>
> Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de - 1995 -
> 2015 - 20 years of Linux/Unix support.
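
An added example, not part of the thread and not code from any poster: a dry-run generator that prints the director-side rules for passive FTP under LVS-NAT. It groups port 21 and the passive range under one firewall mark and one persistent virtual service, a different technique from the per-port `-t` services quoted above. The function name, the VIP 203.0.113.10, mark 21 and the 300-second persistence timeout are assumptions; the real-server addresses and the 50000-60000 range come from the thread.

```shell
#!/bin/sh
# Added example: print (never execute) LVS-NAT rules for passive FTP.
# Assumed/constructed values: VIP 203.0.113.10, fwmark 21, 300 s persistence.

# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# lvs_ftp_rules VIP PASV_MIN PASV_MAX MARK REALSERVER...
lvs_ftp_rules() {
    [ "$#" -ge 5 ] || { echo "usage: lvs_ftp_rules VIP MIN MAX MARK RS..." >&2; return 2; }
    vip=$1 pmin=$2 pmax=$3 mark=$4
    shift 4
    valid_port "$pmin" && valid_port "$pmax" && [ "$pmin" -le "$pmax" ] ||
        { echo "bad passive port range: $pmin-$pmax" >&2; return 1; }

    # Control port and passive data range receive the same firewall mark,
    # so the director treats them as one virtual service.
    for ports in 21 "$pmin:$pmax"; do
        echo "iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport $ports -j MARK --set-mark $mark"
    done

    # Persistence (-p) keeps a client's data connections on the real
    # server that holds its control connection.
    echo "ipvsadm -A -f $mark -s wrr -p 300"
    for rs in "$@"; do
        echo "ipvsadm -a -f $mark -r $rs -m"
    done

    # Matching vsftpd.conf settings for every real server: the passive
    # range must equal the marked range, and PASV replies must carry the VIP.
    echo "# vsftpd.conf: pasv_enable=YES"
    echo "# vsftpd.conf: pasv_min_port=$pmin"
    echo "# vsftpd.conf: pasv_max_port=$pmax"
    echo "# vsftpd.conf: pasv_address=$vip"
}

# Review the printed rules before applying them on the director.
lvs_ftp_rules 203.0.113.10 50000 60000 21 10.1.6.11 10.1.6.12
```

The INPUT rules quoted in the thread still apply on the director, and the real servers need the director as their default gateway for NAT return traffic.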