we use this together with firewall mark rule in lvs-DR (piranha) and
scheduler "rr" and persistent = 20:
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x14
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x14
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x14
also vsftpd.conf is configured with
pasv_min_port=10000
pasv_max_port=20000
hope this helps?
regards,
johannes
p.s.: of course the main firewall has to open the appropriate ports as well
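
The setup above only works if the FTP control port and the whole vsftpd passive range carry the same firewall mark, so persistence sends both connections to the same real server. The following is an added example, not part of the original message, that checks this for a rule set and a vsftpd.conf. The function names are hypothetical, 192.0.2.10 is a constructed stand-in for $VIP, marks are compared as strings, and only the two ends of the passive range are tested.

```shell
#!/bin/sh
# Added example: check that vsftpd's passive range is covered by a MARK rule
# carrying the same firewall mark as the FTP control port (21).

# Constructed sample input modelled on the rules in the message above;
# 192.0.2.10 is a documentation address standing in for $VIP.
RULES='-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x14
-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x14
-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x14'
VSFTPD='pasv_min_port=10000
pasv_max_port=20000'

# mark_for_port RULES PORT -> prints the mark of the first rule whose --dport
# (single port or lo:hi range) contains PORT; prints nothing if none matches.
mark_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        {
            dport = ""; mark = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--set-mark") mark  = $(i + 1)
            }
            if (dport == "" || mark == "") next
            n = split(dport, r, ":"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print mark; exit }
        }'
}

# conf_value CONF KEY -> prints the numeric value of KEY=value in vsftpd.conf text.
conf_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\([0-9]*\).*/\1/p" | head -n 1
}

# check_ftp_marks RULES CONF -> 0 if port 21 and both ends of the passive
# range carry the same mark, 1 otherwise (reason on stderr).
check_ftp_marks() {
    ctl=$(mark_for_port "$1" 21)
    [ -n "$ctl" ] || { echo "port 21 is not marked" >&2; return 1; }
    for key in pasv_min_port pasv_max_port; do
        port=$(conf_value "$2" "$key")
        [ -n "$port" ] || { echo "$key not set in vsftpd.conf" >&2; return 1; }
        m=$(mark_for_port "$1" "$port")
        [ "$m" = "$ctl" ] || { echo "$key=$port has mark '${m:-none}', control has $ctl" >&2; return 1; }
    done
    return 0
}

check_ftp_marks "$RULES" "$VSFTPD" && echo "FTP control and passive ports share one mark"
```
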
Christopher Hawkins wrote:
Never had to load balance it myself, but have heard of FTP over LVS issues
due to lack of persistence (make sure it's on) and due to port 21 and 20
getting sent to different servers. The solution was to remove port 20 from
LVS. With LVS NAT there is a special FTP module you can load, but it should
not be required in LVS DR. Or are you sure the issue is iptables?
Also I would suggest the LVS mailing list if someone here can't solve this
quickly. ;-)
-----Original Message-----
From: linux-cluster-bounces@xxxxxxxxxx
[mailto:linux-cluster-bounces@xxxxxxxxxx] On Behalf Of John Garrity
Sent: Friday, April 04, 2008 3:03 PM
To: linux clustering
Subject: iptables rules for LVS-DR cluster
I'm trying to get ftp working in an LVS DR cluster. I think it's the iptables
rules that might be giving me a problem. I have http services working well.
Can someone who has ftp working share their iptables rules? I'm new at this
so please go easy on me. Thanks!
--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster