Hi,
Sorry if this is a repeat.
I am trying FTP with HAProxy.

I have two servers load balanced by HAProxy.
FTP login works fine. The data channel fails.
When I capture packets at the server, the server receives the PORT packet but
responds with Illegal PORT command.

My setup has:

                     |------S1
Source-----HAProxy---|
                     |------S2

All are in the same network. I can directly ftp to S1 and S2 with no
problems.
haproxy.cfg (relevant info):

listen 21
    bind :21
    mode tcp
    option tcpka
    balance roundrobin
    server Gala1 S1
    server Gala S2


Output on Source
naveen@CamNaveen:~$ ftp LB-IP
Connected to LB-IP.
220-FTP Server (user 'fcnav...@us.ibm.com')
220
Name (LB-IP:naveen): dove
331-Password:
331
Password:
230-230 Login successful.
230
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command.
ftp: bind: Address already in use
ftp> bye

I would appreciate it if you could let me know whether I need to make any
changes. Some of the articles I saw said to use iptables source NAT on the LB.
Do we need to do that?
In my case, the server is not even making a connection attempt to the client on
receiving the PORT command. It just responds with Illegal PORT command.
On the server, the PORT command's FTP data shows the IP address of Source,
not the LB-IP. Is this a problem?

Best Regards,
Naveen
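
Added example, not part of the original post: a sketch of the PORT validation that many FTP servers apply, which would produce the reply above when the control connection arrives from the LB-IP while the PORT argument carries Source's address. That the server in this post performs this check is an assumption; the addresses, function names, the `promiscuous` switch and the 200 reply text are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address range), not from the post.
SOURCE_IP = "192.0.2.10"   # the FTP client ("Source")
LB_IP = "192.0.2.20"       # HAProxy in TCP mode; the server sees this as the peer
CLIENT_PORT_LINE = "PORT 192,0,2,10,195,80"  # what Source sends: its own IP, port 50000


def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of PORT (RFC 959)."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_port_command(line, control_peer, promiscuous=False):
    """Return the reply a strict server would send for one PORT line.

    control_peer is the source IP of the control connection as the server
    sees it. promiscuous (hypothetical switch) disables the address match,
    which lets a client point the server's data connection at a third host.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return "500 Unknown command."
    try:
        host, port = parse_port_arg(arg)
    except ValueError:
        return "500 Illegal PORT command."
    if port < 1024:  # never connect out to privileged ports
        return "500 Illegal PORT command."
    if not promiscuous and host != ipaddress.IPv4Address(control_peer):
        return "500 Illegal PORT command."  # address differs from the control peer
    return "200 PORT command successful."


def demo():
    """Same PORT line, seen on a direct connection and through the balancer."""
    return {
        "direct": check_port_command(CLIENT_PORT_LINE, SOURCE_IP),
        "via_lb": check_port_command(CLIENT_PORT_LINE, LB_IP),
    }


if __name__ == "__main__":
    print(demo())
```
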
