On Thu, May 22, 2008 at 10:53:14PM +0200, Alberto Giménez wrote:
> On Thu, May 22, 2008 at 8:00 PM, Willy Tarreau <w#1wt.eu> wrote:
> > On Thu, May 22, 2008 at 05:12:18PM +0200, Alberto Giménez wrote:
> >> On Thu, May 22, 2008 at 4:30 PM, Willy Tarreau <w#1wt.eu> wrote:
> >> > On Thu, May 22, 2008 at 04:27:51PM +0200, Alberto Giménez wrote:
> >> >
> >> > that means you're doing passive FTP if the client wants to connect to the
> >> > server.
> >>
> >> Hi again,
> >>
> >> I think I didn't explain myself very well. I meant that packets were travelling
> >> between server and client directly, without passing by the haproxy bos, so
> >> the conversation goes like this:
> >>
> >> client -> haproxy (21)
> >> client <- haproxy (21) (and so on...)
> >>
> >> but when I make a "ls" on the client side and it performs the PORT operation,
> >> tcpdump tells:
> >>
> >> FTPserver (20) -> client (P)
> >> FTPserver (20) <- client (P)
> >>
> >> So It seems the rule is not taking effect... Any other idea? Could you show
> >> some parts of your configuration to see if I'm missing something?
> >
> > are you sure that your servers have their default route through the haproxy ?
>
>
> Sure. I perform the tcpdump on the haproxy machine and I can see all the info,
> but as I stated before, SNAT seems not to be "applied" at all. I've been
> running crazy all the day and finally I decided not to "load balance" FTP
> service until I find a working solution :(
>
> Any other idea?
Just out of curiosity, would you happen to have the ip_nat_ftp module loaded ? Maybe it is interfering with something here ?
Willy Received on 2008/05/22 23:07
This archive was generated by hypermail 2.2.0 : 2008/05/22 23:15 CEST