Sorry, forwarded to the list a message sent to Willy's personal
account by mistake.
Hi Willy,
Thanks a lot! It works really nice! Just nother question. Wihtout transparent proxy support on the kernel, would it be possible to obtain the same results? I understand that source client IP is not used anywhere on the rules, so should also work. Just for the record and future google searches ;)
Thanks, and congratulations for your GREAT work on haproxy.
On Thu, May 22, 2008 at 10:35 AM, Willy Tarreau <w#1wt.eu> wrote:
> Hi Alberto,
>
> On Wed, May 21, 2008 at 08:58:20PM +0200, Alberto Giménez wrote:
>> Hi,
>>
>> I've found a problem trying to balance FTP servers (well, really just
>> use a FTP server and a backup one through the haproxy box). I'm
>> currently using a kernel patched with cttproxy (2.0.6) to provide
>> transparent proxy support and haproxy 1.3.14.
>>
>> FTP sessions hang when a data connection must be opened. This is true
>> for active mode, and I guess the problem is because of the FTP
>> protocol itself:
>>
>> client (control connection) ---> haproxy ----> backend FTP server
>> client (data connection) (port X) -----> haproxy (port 20)
>> haproxy (port Y)
>> -----> backend FTP server (port 20)
>> haproxy (port Y)
>> <------ backend FTP server (port 20)
>>
>> And then haproxy doesn't forward "port Y" to "port X" on the client,
>> so data connection is lost on haproxy box and the client "hangs"
>> waiting for a response.
>
> yes, that's one of the problems with FTP.
>
>> Using passive mode works, because backend server tells the client
>> directly what port to use (and his real IP, not the balanced one!).
>
> This will not work for most clients (particularly those behind firewalls), as
> the destination address of the data connection will not be the same as for the
> control connection.
>
>> I'm not sure if telling the customers to "force passive mode on their
>> FTP clients" is a very polite option but... I wonder if anyone had the
>> same problem and found a solution for it. I have not found anything
>> about haproxy + ftp balancing on the net. Some references to other
>> load balancers but no real clue.
>
> I got active FTP load balancing to work in a very simple manner using
> transparent proxy :
>
> client C connects to the service address V on haproxy port 21. haproxy
> forwards the connection to server S1 port 21, using C as the source address.
> When client sends "PORT C,X", the server tries to connect to C through the
> machine running haproxy. You simply have to add a source NAT rule on this
> machine, which translates S1 source port 20 to V source port 20. The client
> will then receive a connection from V which is where it established the
> control connection.
>
> Regards,
> Willy
>
>
-- Alberto Giménez -- Alberto GiménezReceived on 2008/05/22 12:24
This archive was generated by hypermail 2.2.0 : 2008/05/22 12:30 CEST