Table of Contents
Advertisement
Chapter 3. Setting Up LVS
Warning
If you are limiting the port range for passive connections, you must also configure
the VSFTP server to use a matching port range. This can be accomplished by
adding the following lines to
pasv_min_port=10000
pasv_max_port=20000
You must also control the address that the server displays to the client for
passive FTP connections. In a NAT routed LVS system, add the following line to
/etc/vsftpd.conf
what the client sees upon connection. For example:
pasv_address=n.n.n.n
Replace
For configuration of other FTP servers, consult the respective documentation.
This range should be a wide enough for most situations; however, you can increase this number
to include all available non-secured ports by changing
.
1024:65535
The following
iptables
floating IP on the appropriate ports a firewall mark of 21, which is in turn recognized by IPVS
and forwarded appropriately:
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 21 -j MARK
--set-mark 21
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport
10000:20000 -j MARK --set-mark 21
In the
commands,
iptables
server defined in the VIRTUAL SERVER subsection of Piranha Configuration Tool.
Warning
The commands above take effect immediately, but do not persist through a
reboot of the system. To ensure network packet filter settings are restored after a
reboot, see
Finally, you need to be sure that the appropriate service is set to activate on the proper
34
/etc/vsftpd.conf
to override the real server IP address to the VIP, which is
with the VIP address of the LVS system.
n.n.n.n
commands have the net effect of assigning any traffic addressed to the
should be replaced with the floating IP for the FTP virtual
n.n.n.n
Section 6, "Saving Network Packet Filter Settings"
:
in the commands below to
10000:20000
Advertisement
Table of Contents
