Hi, just subscribed to the list, not had confirmation response yet, so i
hope this gets through and i can see responses.

i've got haproxy 1.5 installed and working, and it's working well so far.

i'm setting up a few servers to handle all our ftp, but in the meantime,
i'm using haproxy to proxy ftp from specific ip's to specific servers.


typical ftp listener in my haproxy.cfg:

listen ubuntu-server-12-ftp
        bind 213.146.180.246:21
        mode tcp
        bind-process 1
        option tcplog
        balance leastconn
        server ubuntu-server-12 192.168.51.201:21 send-proxy check

iptables rules on the load balancers:

-A PREROUTING -d 213.146.180.246/32 -p tcp -m tcp --dport 6100:6200 -j DNAT --to-destination 192.168.51.201
-A POSTROUTING -s 192.168.51.201/32 -j SNAT --to-source 213.146.180.246

the server on 192.168.51.201 has the gateway address 192.168.51.1, which is
the floating ip used between the two haproxy servers.

the haproxy servers default route for 0.0.0.0/0 is our firewall

this is all working fine for external ftp access. i've configured proftpd
with the required defaultaddress, masqueradeaddress, passive port range etc.

however, i've now found out i'm also required to allow ftp use FROM this
server to external ftp servers.
however when i try to ftp out, i can connect to a server and login, but
can't do anything else:

Connected to ftp.*****.com.
220 Welcome to the ******* FTP service.
Name (ftp.****.com:root): p*******
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command.
ftp: bind: Address already in use
ftp> dir
500 Illegal PORT command.
ftp> pwd
257 "/"
ftp>

what do i need to do to get this working?

thanks
lee.
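
Added example, not part of the original post: a small Python check that decodes an active-mode PORT command (RFC 959) and compares it with the SNAT source and DNAT port range from the iptables rules above. It assumes the remote server rejects a PORT whose address differs from the control connection's source, a common FTP bounce protection; the sample PORT lines and function names are constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 : four address octets, then port = p1*256 + p2
PORT_RE = re.compile(r"PORT " + ",".join([r"(\d{1,3})"] * 6),
                     re.ASCII | re.IGNORECASE)

def parse_port(line):
    """Decode an FTP PORT command into (IPv4Address, tcp_port)."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field above 255")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def check_active_mode(port_line, snat_source, dnat_range):
    """List the reasons an active-mode data connection would fail."""
    ip, port = parse_port(port_line)
    problems = []
    # The server sees the control connection coming from the SNAT address,
    # so a PORT that still carries the internal address does not match it.
    if ip != ipaddress.IPv4Address(snat_source):
        problems.append("address-mismatch")
    # The server connects back to the advertised port; only ports covered
    # by the DNAT rule are forwarded to the internal host.
    lo, hi = dnat_range
    if not lo <= port <= hi:
        problems.append("port-not-forwarded")
    return problems

SNAT_SOURCE = "213.146.180.246"   # from the POSTROUTING rule in the post
DNAT_RANGE = (6100, 6200)         # from the PREROUTING rule in the post
# Constructed sample: what a client on 192.168.51.201 would send when it
# listens on port 50000 (195*256 + 80) for the data connection.
SAMPLE = "PORT 192,168,51,201,195,80"

if __name__ == "__main__":
    print(parse_port(SAMPLE))
    print(check_active_mode(SAMPLE, SNAT_SOURCE, DNAT_RANGE))
```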
