Red Hat CLUSTER SUITE - CONFIGURING AND MANAGING A CLUSTER 2006 Manual page 126

110
Active Connections
When an active connection is established, the server opens a data connection to the
client from port 20 to a high range port on the client machine. All data from the server
is then passed over this connection.
Passive Connections
When a passive connection is established, the client asks the FTP server to establish
a passive connection port, which can be on any port higher than 10,000. The server
then binds to this high-numbered port for this particular session and relays that port
number back to the client. The client then opens the newly bound port for the data
connection. Each data request the client makes results in a separate data connection.
Most modern FTP clients attempt to establish a passive connection when requesting
data from servers.
The two important things to note about all of this in regards to clustering are:
1. The client determines the type of connection, not the server. This means that, to effectively cluster FTP, you must configure the LVS routers to handle both active and passive connections.
2. The FTP client/server relationship can potentially open a large number of ports that the Piranha Configuration Tool and IPVS do not know about.
9.4.2. How This Affects LVS Routing
IPVS packet forwarding allows connections in and out of the cluster only when it recognizes their port number or their firewall mark. If a client from outside the cluster attempts to open a port IPVS is not configured to handle, IPVS drops the connection. Similarly, if the real server attempts to open a connection back out to the Internet on a port IPVS does not know about, IPVS drops the connection. This means that all connections from FTP clients on the Internet must have the same firewall mark assigned to them, and all connections from the FTP server must be properly forwarded to the Internet using network packet filtering rules.
9.4.3. Creating Network Packet Filter Rules
Chapter 9. Setting Up a Red Hat Enterprise Linux LVS Cluster
Before assigning any iptables rules for FTP service, review the information in Section 9.3.1 Assigning Firewall Marks concerning multi-port services and techniques for checking the existing network packet filtering rules.
Below are rules which assign the same firewall mark, 21, to FTP traffic. For these rules to work properly, you must also use the VIRTUAL SERVER subsection of Piranha Configuration Tool to configure a virtual server for port 21 with a value of 21 in the Firewall Mark field. See Section 10.6.1 The VIRTUAL SERVER Subsection for details.
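The rules themselves are cut off on this page. The script below is an added example, not the manual's own rule listing, that generates the two kinds of packet-filter rules the preceding sections call for: mangle-table rules that put the FTP control port (21) and the passive data port range under one firewall mark, so IPVS treats them as a single service, and a NAT rule that lets active-mode data connections the real server opens from port 20 leave the cluster. The VIP 10.0.0.10, the real-server network 192.168.1.0/24 and the passive range 10000:20000 are assumed values; the passive range must match whatever range the FTP daemon on the real servers is configured to hand out. The iptables options used (`-t mangle`, `-A PREROUTING`, `-j MARK --set-mark`, `-t nat`, `-A POSTROUTING`, `-j MASQUERADE`) are standard iptables options.

```shell
#!/bin/sh
# Added example (not from the Red Hat manual): build the iptables rules that give
# FTP control and passive-data traffic one firewall mark, plus the NAT rule for
# active-mode data connections. All addresses and the port range are assumptions.

# Mark inbound FTP traffic to the VIP so IPVS sees control and data as one service.
#   $1 = virtual IP address   $2 = firewall mark (21 in the manual's example)
#   $3 = lowest passive port  $4 = highest passive port (must match the FTP daemon)
ftp_fwmark_rules() {
    vip=$1; mark=$2; pasv_lo=$3; pasv_hi=$4
    # Control channel: the client connects to port 21 on the VIP.
    echo "iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport 21 -j MARK --set-mark $mark"
    # Passive data channels: the client opens a new connection to the high port the server chose.
    echo "iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport $pasv_lo:$pasv_hi -j MARK --set-mark $mark"
}

# Active mode: the real server itself connects from port 20 out to the client.
# IPVS knows nothing about that connection, so NAT it on the way out
# (assumes a NAT-routed cluster with real servers on a private network, $1).
ftp_active_rules() {
    rs_net=$1
    echo "iptables -t nat -A POSTROUTING -p tcp -s $rs_net --sport 20 -j MASQUERADE"
}

# Print the rules (default) or, with "apply", load them and list the mangle
# table so you can check what is actually installed. "apply" needs root.
main() {
    mode=${1:-print}
    rules=$(ftp_fwmark_rules 10.0.0.10 21 10000 20000; ftp_active_rules 192.168.1.0/24)
    if [ "$mode" = apply ]; then
        printf '%s\n' "$rules" | while IFS= read -r rule; do eval "$rule"; done
        iptables -t mangle -L PREROUTING -n     # verify the marks landed
        iptables -t nat -L POSTROUTING -n       # verify the active-mode NAT rule
    else
        printf '%s\n' "$rules"
    fi
}

main "$@"
```

Run it without arguments on the LVS router to review the rules, then with `apply` to install them. The mark value (21 here) has to equal the one entered in the Firewall Mark field of the port-21 virtual server in the Piranha Configuration Tool, otherwise IPVS will not associate the marked data connections with the FTP service.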