On 10/03/2012 08:46 AM, Manish Kathuria wrote:
>>
> I was under the impression that you are running a FTP server inside
> and were facing problems with the incoming traffic for the same. If
> you are primarily concerned with the outgoing traffic through two ISP
> links, please follow the following steps:
>
> 1. Refer to http://www.ssi.bg/~ja/nano.txt for creating your rules.
> 2. Recompile the kernel after applying Julian Anistov's routes patch
> (the URL is there in the earlier messages).
> 3. Make a script to check the status of the links and change the
> default gateway accordingly. Let me know if you need a script.
> 4. Make sure that your firewall (iptables) is stateful and allows
> related and established connections and the NAT and connection
> tracking modules (nf_conntrack, nf_conntrack_ftp, nf_nat and
> nf_nat_ftp) are loaded.
>
> I have followed this approach at a number of places without any
> problems related to FTP or other protocols. The only issue I faced was
> that the patch failed for all the CentOS 5.x kernels I tried (perhaps
> due to some conflict with an existing patch). But its working
> perfectly for the kernels in CentOS 6 and 6.1.
>
> Thanks,
> --
> Manish
>
Hi Manish,
Thanks for the response.
It is good to know there is a general solution. It is too bad that
the referenced patches were never merged into to main kernel tree, forcing people
to have to build and maintain their own kernel.
--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@xxxxxxxxxxxxx
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
