Gentoo Forums :: Networking & Security

Load balancing through NAT
CoderGnome (n00b; Joined: 02 Jan 2004; Posts: 9)
Posted: Thu Apr 15, 2004 12:53 pm    Post subject: Load balancing through NAT

Hi everyone.
I just finished setting up a load balancing Gentoo Linux box, using LVS (Linux Virtual Server) and iptables for load balancing and NAT/firewall respectively.

Everything works at this time, except that this box also needs to pass FTP through the firewall. Even though this is a 1:1 mapping to a back-end (Windows) machine at this time, this could change. Thus, I am using IPVS for all incoming connections. However, because there are multiple backend machines, I am using non-standard ports (2121-2123). This seems to be the root of the problem.

Unfortunately, the ip_conntrack_ftp and ip_nat_ftp modules do not seem to be doing anything. I have passed the ports= module arguments to the modules on load (through /etc/modules.conf). I compiled them with debugging on, by changing an #if 0 to #if 1 in the .c files for the modules, but all they say in the system logs for the connections are "ftp: Conntrackinfo = 2" for each packet. From reading the source for the modules, it would seem like that should be what it does only on the initial packets, before the connection is established.

I would very much appreciate any help with this. I have bashed my head against this problem for some time now, and my boss is anxious for this hurdle to be behind us. This also represents a significant inroad for Linux into this company (I'm a huge Linux fan, especially Gentoo Linux; as mentioned before, the other machines are all Windows).

Thanks in advance.

CoderGnome (n00b; Joined: 02 Jan 2004; Posts: 9)
Posted: Thu Apr 15, 2004 2:08 pm

I have made a fair bit of progress, but it's still not quite right.

I did some more searching around, and found the ip_vs_ftp module, which I did not have installed (duh). I have loaded it now, and things are working better. The PORT command is being mangled right to show the external IP, not the internal IP like it was before, which is good. However, the firewall was eating the data connections. I opened it right up by removing the DROP rules and setting the default policies to ACCEPT, and now it works fine. However, I can't figure out what the iptables rule should be to lock this down again, but still allow the FTP data connection.

Also, "ftp: Conntrackinfo = 2" still appears repeatedly in the logs, one for every packet over the FTP data connection. Is this normal?
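The second post asks for the iptables rules that lock the firewall back down while still letting the FTP data connections through, and the first post shows the ports= arguments being passed to the conntrack modules. The script below is an added example, not the poster's configuration and not taken from the thread: it prints (or, with APPLY=1, runs) the module loads and a default-DROP rule set for an LVS-NAT director that accepts FTP control connections on 2121-2123 and relies on the stateful ESTABLISHED,RELATED match to admit the data connections the FTP helper registers. The external interface eth0, internal interface eth1, VIP 203.0.113.10 and real-server network 192.168.1.0/24 are assumptions for illustration; the module names are the 2.4-era ones named in the thread.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Generates (and with APPLY=1
# runs) the module loads and iptables rules for an LVS-NAT director that
# accepts FTP control connections on 2121-2123 and relies on the conntrack
# FTP helper to let the data connections through a default-DROP firewall.
# Assumptions, none of which are stated in the thread: external interface
# eth0, internal interface eth1, VIP 203.0.113.10, real servers in
# 192.168.1.0/24, 2.4-era module names (ip_conntrack_ftp, ip_nat_ftp, ip_vs_ftp).

FTP_PORTS="2121,2122,2123"   # list form, for the module parameters
FTP_PORT_RANGE="2121:2123"   # range form, for iptables --dport
EXT_IF="eth0"
INT_IF="eth1"
VIP="203.0.113.10"
RS_NET="192.168.1.0/24"

# Every helper that inspects the FTP control channel has to be told about the
# non-standard ports. Each defaults to port 21 only; on any other port it never
# sees the PORT/PASV exchange, so no data connection is ever expected (RELATED).
ftp_helper_modules() {
    printf 'modprobe ip_conntrack_ftp ports=%s\n' "$FTP_PORTS"
    printf 'modprobe ip_nat_ftp\n'
    printf 'modprobe ip_vs_ftp ports=%s\n' "$FTP_PORTS"
}

# Default-DROP policies plus the smallest set of rules that still passes FTP.
ftp_firewall_rules() {
    cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Packets that belong to a tracked connection, including a data connection
# the FTP helper has registered as RELATED to its control connection.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New FTP control connections from the outside to the virtual IP. The VIP is
# a local address, so IPVS picks these up from LOCAL_IN after the INPUT chain.
iptables -A INPUT -i $EXT_IF -d $VIP -p tcp --dport $FTP_PORT_RANGE -m state --state NEW -j ACCEPT
# Replies from the real servers. IPVS rewrites their source address to the VIP
# in the FORWARD hook after the filter table has run, so conntrack has already
# classified them on their own; accept them from the real-server network
# explicitly rather than relying on the ESTABLISHED match.
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $RS_NET -j ACCEPT
EOF
}

if [ "${APPLY:-0}" = "1" ]; then
    ftp_helper_modules | sh -e
    ftp_firewall_rules | sh -e
else
    ftp_helper_modules
    ftp_firewall_rules
fi
```

Run it without APPLY to review the generated commands first. Two checks are worth doing before trusting the rule set: `cat /proc/net/ip_conntrack` while a client is connected should show the control connection on 2121-2123 and, after a PORT or PASV, a second entry for the data connection; if the data connection never appears there, the ESTABLISHED,RELATED rule has nothing to match and the problem is the helper, not the rule. The "ftp: Conntrackinfo = 2" line is printed by the helper when it skips a packet whose conntrack state is not ESTABLISHED (in the 2.4 enum, 2 is IP_CT_NEW), so seeing it on every packet of a data connection means conntrack is classifying each packet as the start of a fresh connection, which on a director where IPVS does its own address rewriting is a sign that netfilter and IPVS disagree about the flow. The last FORWARD rule also lets the real servers originate any outbound traffic; tighten it to the ports they actually need if that matters in your environment.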
richard.scott (Veteran; Joined: 19 May 2003; Posts: 1497; Location: Oxfordshire, UK)
Posted: Tue Jan 25, 2005 10:48 pm

Can you post your config scripts?

What packet management method are you using? DUN, TUN, NAT?

Are you using keepalived for the LVS management?
All times are GMT