Nicolas,

With TUN or DR mode it's probably best to use firewall marks to group all of the possible ports together:
active 20,21
passive 21,high_port

# This example marks groups the active FTP ports
VIP1="192.168.0.66"
# First two rules are for Active connections
iptables -t mangle -A PREROUTING -p tcp -d $VIP1 --dport 21 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -d $VIP1 --dport 20 -j MARK --set-mark 1
# Third additional rule for passive
iptables -t mangle -A PREROUTING -p tcp -d $VIP1 --dport 1024: -j MARK --set-mark 1

2009/9/16 Nicolas Haller <[email protected]>
>
> Hi all,
>
> I am trying to make a load-balanced ftp and I have a little problem. I can't
> use FTP in active mode. Can someone help me?
>
> The lvsadm conf
> TCP  lo-pp.nerim.net:ftp wlc persistent 120
>   -> harrisburg.nerim.net:ftp     Tunnel  1  0  0
>   -> sellafield.nerim.net:ftp     Tunnel  1  0  0
>
> Thanks,
>
> --
> Nicolas Haller
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [email protected]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/
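Added example, not part of the original thread: firewall marks only affect balancing once the IPVS virtual service is defined on the mark (ipvsadm -f) instead of on VIP:port. The script below prints both halves for the tunnel setup in the quoted config. The function name and the bounded passive range 50000:50100 are assumptions; the range must match the passive range configured on the FTP servers, and it replaces the open-ended 1024: from the reply so that fewer ports on the VIP are exposed.

```shell
#!/bin/sh
# Added example: emit the mangle-table marks plus the matching ipvsadm
# fwmark service for FTP behind LVS (tunnel mode). Prints commands only;
# review the output, then run it as root on the director.
# usage: gen_lvs_ftp_fwmark VIP MARK PASV_LO:PASV_HI REALSERVER...

gen_lvs_ftp_fwmark() {
    vip=$1; mark=$2; pasv=$3; shift 3

    # Refuse malformed or open-ended passive ranges such as "1024:".
    case $pasv in
        ''|*[!0-9:]*|*:*:*|:*|*:)
            echo "bad passive range: $pasv" >&2; return 1 ;;
    esac
    lo=${pasv%:*}; hi=${pasv#*:}
    if [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "passive range out of bounds: $pasv" >&2; return 1
    fi

    # Control (21), active-mode data (20), then the passive data range:
    # all three get the same mark so IPVS sees them as one service.
    for ports in 21 20 "$pasv"; do
        echo "iptables -t mangle -A PREROUTING -p tcp -d $vip --dport $ports -j MARK --set-mark $mark"
    done

    # Virtual service keyed on the mark. Persistence (-p 120, as in the
    # quoted config) keeps a client's control and data connections on the
    # same real server.
    echo "ipvsadm -A -f $mark -s wlc -p 120"
    for rs in "$@"; do
        # -i selects IP-IP tunnel forwarding; use -g for direct routing.
        echo "ipvsadm -a -f $mark -r $rs -i -w 1"
    done
}

# VIP from the reply, real servers from the quoted config,
# passive range constructed for illustration.
gen_lvs_ftp_fwmark 192.168.0.66 1 50000:50100 \
    harrisburg.nerim.net sellafield.nerim.net
```

On the director, `ipvsadm -L -n` should then list a single `FWM 1` service in place of the `TCP ...:ftp` entry.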
