Nathan.Polonski at newsedge
Nov 29, 2000, 7:33 AM
Post #5 of 8
I ran the Bastille script against the server, and during that script I
enabled the ip_masq_ftp module.
However, I am not quite sure how to test to make sure that the module is
being loaded properly.
If I run insmod -v -p ip_masq_ftp.o in my /lib/modules/2.2.17 directory I
get the following ouput:
ip_masq_ftp.o: unresolved symbol ip_masq_skb_replace_Rsmp_672fb649
ip_masq_ftp.o: unresolved symbol ip_masq_control_add_Rsmp_78be8c78
ip_masq_ftp.o: unresolved symbol ip_masq_put_Rsmp_5e752b0d
ip_masq_ftp.o: unresolved symbol ip_masq_new_Rsmp_1cc34fd1
ip_masq_ftp.o: unresolved symbol ip_masq_in_get_Rsmp_3fbd43b0
ip_masq_ftp.o: unresolved symbol unregister_ip_masq_app_Rsmp_bbc84e34
ip_masq_ftp.o: unresolved symbol ip_masq_listen_Rsmp_8e292da2
ip_masq_ftp.o: unresolved symbol ip_masq_out_get_Rsmp_27b7c4d9
ip_masq_ftp.o: unresolved symbol register_ip_masq_app_Rsmp_938aa0b0
does this indicate some sort of version incompatibility?
I recompiled the modules, but I still get this. I'm not sure what it means.
How can I test to see if the module is loading properly?
From: Horms [mailto:horms [at] vergenet]
Sent: Tuesday, November 28, 2000 11:53 AM
To: lvs-users [at] LinuxVirtualServer
Subject: Re: Source IP address
On Tue, Nov 28, 2000 at 11:39:47AM -0500, Nathan Polonski wrote:
> I'm currently using a Piranha based LVS system. NAT configuration, kernel
> 2.2.17 with patches. VS patch 1.0.0.
> The main use of the system is ftp. The system is to be behind a firewall
> I have run into an interesting problem.
> In my testing I have found that the source IP address of some of the "load
> balanced" data does not come from the VIP, but from the IP address of one
> the directors.
> If I open up an FTP connection to my cluster, all of the packets are sent
> and come from the VIP. Data looks good. However, when I try to run an "ls"
> or "dir" command against the FTP server, I get a "Cannot build Data
> Connection" error.
> My packet sniffing has shown me that all of the data going to and from the
> cluster is addressed to the VIP.
> This holds true, up until the directory listing request.
> When I run either command, packets come from the IP address of the active
> LVS director.
> Is this supposed to happen? Does anyone know why it happens.
> I'm sure there is a plausible explanation.
The problem is that when you do an ls your client tries to open
another connection to the ftp server, the VIP. The Linux Director
is allocating that connection to a different real server to the
original control connection, that real server isn't listening for
the data conenction. boom.
From the near to latest revision of the ipvsadm man page:
Note: If a virtual service is to handle FTP connec-
tions then persistence must be set for the virtual
service if Direct Routing or NAT is used as the
forwarding mechanism. If masquerading is used in
conjunction with an FTP service than persistence is
not necessary, but the ip_masq_ftp kernel module
must be used. This module may be manually inserted
into the kernel using insmod(8).
Of course reading that I notice a bug, "NAT" should read "Tunnelling".
Wensong can you update the tree.
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://www.in-addr.de/mailman/listinfo/lvs-users