
Re: [Linux-cluster] iptables rules for LVS-DR cluster



we use this together with firewall mark rule in lvs-DR (piranha) and scheduler "rr" and persistent = 20:

-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x14
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x14
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x14

also vsftpd.conf is configured with

pasv_min_port=10000
pasv_max_port=20000

hope this helps?
regards,
johannes

p.s.: of course the main firewall has to open the appropriate ports as well

Christopher Hawkins wrote:
Never had to load balance it myself, but have heard of FTP over LVS issues
due to lack of persistence (make sure it's on) and due to port 21 and 20
getting sent to different servers. The solution was to remove port 20 from
LVS. With LVS NAT there is a special FTP module you can load, but it should
not be required in LVS DR. Or are you sure the issue is iptables?

Also I would suggest the LVS mailing list if someone here can't solve this
quickly. ;-)
-----Original Message-----
From: linux-cluster-bounces redhat com
[mailto:linux-cluster-bounces redhat com] On Behalf Of John Garrity
Sent: Friday, April 04, 2008 3:03 PM
To: linux clustering
Subject: [Linux-cluster] iptables rules for LVS-DR cluster

I'm trying to get ftp working in a LVS DR cluster. I think it's the iptables
rules that might be giving me a problem. I have http services working well.
Can someone who has ftp working share their ip tables rules? I'm new at this
so please go easy on me. Thanks!
--
Linux-cluster mailing list
Linux-cluster redhat com
https://www.redhat.com/mailman/listinfo/linux-cluster
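
Added example, not part of the original thread: a Python check that the MARK rules and the vsftpd passive range quoted above stay in step, so ports 20, 21 and every passive port carry the same firewall mark and persistence keeps one FTP session on one real server. The address 192.0.2.10 stands in for $VIP, the sample input is constructed from the message, and the function names and the fwmark argument are this example's own assumptions.

```python
import re

# Constructed sample input mirroring the rules and vsftpd.conf lines in the message
# above; 192.0.2.10 is a documentation address standing in for $VIP.
RULES = """\
-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x14
-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x14
-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x14
"""
VSFTPD_CONF = "pasv_min_port=10000\npasv_max_port=20000\n"

RULE_RE = re.compile(r"--dport (\d+)(?::(\d+))? .*-j MARK --set-mark (\S+)")

def marked_ranges(rules):
    """Return [(low, high, mark)] for every MARK rule that matches on --dport."""
    out = []
    for line in rules.splitlines():
        m = RULE_RE.search(line)
        if m:
            low = int(m.group(1))
            high = int(m.group(2) or low)
            # iptables-save may print the mark as value/mask; keep the value only
            out.append((low, high, int(m.group(3).split("/")[0], 0)))
    return out

def pasv_range(conf):
    """Read pasv_min_port / pasv_max_port from vsftpd.conf text."""
    opts = dict(l.split("=", 1) for l in conf.splitlines()
                if "=" in l and not l.startswith("#"))
    return int(opts["pasv_min_port"]), int(opts["pasv_max_port"])

def check(rules, conf, fwmark):
    """List the ports FTP needs that do not carry the given firewall mark."""
    ranges = [(lo, hi) for lo, hi, mark in marked_ranges(rules) if mark == fwmark]
    covered = lambda port: any(lo <= port <= hi for lo, hi in ranges)
    pmin, pmax = pasv_range(conf)
    problems = [f"port {p} not marked" for p in (20, 21) if not covered(p)]
    missing = [p for p in range(pmin, pmax + 1) if not covered(p)]
    if missing:
        problems.append(f"{len(missing)} passive ports not marked, first {missing[0]}")
    return problems

if __name__ == "__main__":
    print(check(RULES, VSFTPD_CONF, 0x14) or "all FTP ports carry mark 0x14")
```

An empty list means the two files agree; widening pasv_max_port without widening the --dport range shows up as unmarked passive ports.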
