[Linux-cluster] iptables rules for LVS-DR cluster

Johannes Russek johannes.russek at io-consulting.net
Sat Apr 5 00:20:38 UTC 2008


we use this together with firewall mark rule in lvs-DR (piranha) and 
scheduler "rr" and persistent = 20:

-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x14
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x14
-A PREROUTING -d $VIP -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x14

also vsftpd.conf is configured with

pasv_min_port=10000
pasv_max_port=20000

hope this helps?
regards,
johannes

p.s.: of course the main firewall has to open the appropriate ports as well

Christopher Hawkins wrote:
> Never had to load balance it myself, but have heard of FTP over LVS issues
> due to lack of persistence (make sure it's on) and due to port 21 and 20
> getting sent to different servers. The solution was to remove port 20 from
> LVS. With LVS NAT there is a special FTP module you can load, but it should
> not be required in LVS DR. Or are you sure the issue is iptables?
>
> Also I would suggest the LVS mailing list if someone here can't solve this
> quickly.  ;-) 
>
> -----Original Message-----
> From: linux-cluster-bounces at redhat.com
> [mailto:linux-cluster-bounces at redhat.com] On Behalf Of John Garrity
> Sent: Friday, April 04, 2008 3:03 PM
> To: linux clustering
> Subject: [Linux-cluster] iptables rules for LVS-DR cluster
>
> I'm trying to get ftp working in a LVS DR cluster. I think it's the iptables
> rules that might be giving me a problem. I have http services working well.
> Can someone who has ftp working share their ip tables rules? I'm new at this
> so please go easy on me. Thanks! 
>
> --
> Linux-cluster mailing list
> Linux-cluster at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-cluster
>   
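
Added example, not part of the original thread: a Python check that the fwmark rules cover every port the FTP service can use (21, 20 and the vsftpd passive range), so that all of a client's connections fall under the one persistent LVS service. The rule text is constructed sample input in iptables-save form with 192.0.2.10 standing in for $VIP, and the function names are illustrative.

```python
import re

# Constructed sample input: the post's rules, 192.0.2.10 is a placeholder for $VIP.
RULES = """\
-A PREROUTING -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x14
-A PREROUTING -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x14
-A PREROUTING -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x14
"""
VSFTPD = "pasv_min_port=10000\npasv_max_port=20000\n"

# Accepts --set-mark and the --set-xmark VALUE/MASK spelling, hex or decimal.
RULE_RE = re.compile(
    r"--dport (\d+)(?::(\d+))?\b.*?-j MARK --set-x?mark (0x[0-9a-fA-F]+|\d+)")

def marked_ranges(rules_text):
    """Map fwmark -> list of (low, high) destination port ranges in PREROUTING."""
    ranges = {}
    for line in rules_text.splitlines():
        m = RULE_RE.search(line)
        if m and line.startswith("-A PREROUTING"):
            lo = int(m.group(1))
            hi = int(m.group(2) or lo)
            ranges.setdefault(int(m.group(3), 0), []).append((lo, hi))
    return ranges

def pasv_range(conf_text):
    """Read pasv_min_port / pasv_max_port from vsftpd.conf text."""
    conf = dict(l.split("=", 1) for l in conf_text.splitlines()
                if "=" in l and not l.startswith("#"))
    return int(conf["pasv_min_port"]), int(conf["pasv_max_port"])

def gaps(needed, covered):
    """Sub-ranges of `needed` that no range in `covered` includes."""
    lo, hi = needed
    out = []
    for c_lo, c_hi in sorted(covered):
        if c_hi < lo or c_lo > hi:
            continue
        if c_lo > lo:
            out.append((lo, c_lo - 1))
        lo = max(lo, c_hi + 1)
    return out + ([(lo, hi)] if lo <= hi else [])

def audit(rules_text, conf_text, mark):
    """Return {port role: [unmarked ranges]}; an empty dict means full coverage."""
    covered = marked_ranges(rules_text).get(mark, [])
    needed = {"control": (21, 21), "active data": (20, 20),
              "passive data": pasv_range(conf_text)}
    return {k: g for k, r in needed.items() if (g := gaps(r, covered))}
```

`audit(RULES, VSFTPD, 0x14)` returns an empty dict for the configuration in the post; any port it lists would reach the director without the mark and so fall outside the persistent service.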



