From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Subject: Re: [patch v2.8 3/4] IPVS: make FTP work with full NAT support
Date: Fri, 23 Jul 2010 12:49:39 +0200
Message-ID: <4C4973C3.5060409@trash.net>
References: <20100722073547.504156161@vergenet.net> <20100722075012.950341908@vergenet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Cc: lvs-devel@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org, Malcolm Turnbull, Mark Brooks, Wensong Zhang, Julius Volz, "David S. Miller", Hannes Eder, Jan Engelhardt
To: Simon Horman
Return-path:
Received: from stinky.trash.net ([213.144.137.162]:35209 "EHLO stinky.trash.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752683Ab0GWKtm (ORCPT ); Fri, 23 Jul 2010 06:49:42 -0400
In-Reply-To: <20100722075012.950341908@vergenet.net>
Sender: netfilter-devel-owner@vger.kernel.org
List-ID:

On 22.07.2010 09:35, Simon Horman wrote:
> From: Hannes Eder
>
> Use nf_conntrack/nf_nat code to do the packet mangling and the TCP
> sequence adjusting. The function 'ip_vs_skb_replace' is now dead
> code, so it is removed.
>
> To SNAT FTP, use something like:
>
> % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
> > --vport 21 -j SNAT --to-source 192.168.10.10
>
> and for the data connections in passive mode:
>
> % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
> > --vportctl 21 -j SNAT --to-source 192.168.10.10
>
> using '-m state --state RELATED' would also work.
>
> Make sure the kernel modules ip_vs_ftp, nf_conntrack_ftp, and
> nf_nat_ftp are loaded.
>

Applied, thanks.
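
A pre-flight check for the module requirement in the quoted commit message, as an added example that is not part of the original mail or the patch. The function name and the sample listing are constructed here; it assumes the three helpers are built as loadable modules, since built-in code does not appear in /proc/modules.

```shell
#!/bin/sh
# Added example: verify that the modules named in the commit message are
# loaded before relying on the IPVS FTP SNAT rules.
# Input is a /proc/modules-style listing (first field = module name).

REQUIRED_MODULES="ip_vs_ftp nf_conntrack_ftp nf_nat_ftp"

# missing_ftp_nat_modules [FILE]
# Prints the required modules that are absent from FILE (default
# /proc/modules), space separated. Returns 0 if none are missing, else 1.
missing_ftp_nat_modules() {
    listing=${1:-/proc/modules}
    missing=""
    for mod in $REQUIRED_MODULES; do
        # Exact match on field 1, so "nf_nat" does not satisfy "nf_nat_ftp".
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' \
                "$listing"; then
            missing="${missing:+$missing }$mod"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample listing (not from a real host): nf_nat is loaded but
# the FTP NAT helper nf_nat_ftp is not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ip_vs_ftp 16384 0 - Live 0x0000000000000000
ip_vs 155648 2 ip_vs_ftp, Live 0x0000000000000000
nf_conntrack_ftp 20480 0 - Live 0x0000000000000000
nf_nat 45056 1 ip_vs_ftp, Live 0x0000000000000000
EOF

if result=$(missing_ftp_nat_modules "$sample"); then
    echo "all FTP NAT helper modules loaded"
else
    echo "missing modules: $result"
fi
rm -f "$sample"
```

Called without an argument, the function reads the live /proc/modules of the host it runs on.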