请赐教 Redhat ES 3 上的ipvsdm不能访问 急急急急急!

Submitted by lxy9805287 on 周日, 2006-11-05 03:22

操作系统ES 3 内核已经支持IPVS模块
ipvsadm配置文件
-A -t 192.168.6.1:21 -s wlc
-a -t 192.168.6.1:21 -r 192.168.6.77:21 -g
-a -t 192.168.6.1:21 -r 192.168.1.203:21 -g
iptables配置
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
使用192.168.6.5 访问 192.168.6.1 FTP
ipvsadm -Lcn出现以下
IPVS connection entries
pro expire state source virtual destination
TCP 00:55 SYN_RECV 192.168.6.5:1237 192.168.6.1:21 192.168.1.203:21

不能访问 FTP

请高手看下什么原因

Forums:

wensong

周日, 2006-11-12 10:55

在直接路由方式下,FTP服务需要设置持久服务选项,例如“-A -t 192.168.6.1:21 -s wlc -p”

详细的描述可以参见ipvsadm man page。

 -p, --persistent [timeout]
        Specify that a virtual service is persistent. If this option  is
        specified, multiple requests from a client are redirected to the
        same real server selected for the  first  request.   Optionally,
        the  timeout  of  persistent  sessions may be specified given in
        seconds, otherwise the default of 300 seconds will be used. This
        option  may be used in conjunction with protocols such as SSL or
        FTP where it is important that clients consistently connect with
        the same real server.
 
        Note:  If  a  virtual  service is to handle FTP connections then
        persistence must be set for the virtual service if Direct  Rout-
        ing  or  Tunnelling is used as the forwarding mechanism. If Mas-
        querading is used in conjunction with an FTP service  than  per-
        sistence  is not necessary, but the ip_vs_ftp kernel module must
        be used.  This module may be manually inserted into  the  kernel
        using insmod(8).

randomness