kernel-packages team mailing list archive

Thread
Date
[Bug 1453180] Re: Passive FTP is not handled properly by the ip_vs_ftp module

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Shawn Heisey <ubuntu@xxxxxxxxxxxx>
Date: Fri, 08 May 2015 15:59:51 -0000
Reply-to: Bug 1453180 <1453180@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
I notice that the ip_vs_ftp module is used by nf_nat.  Does this mean
that FTP mangling cannot happen without the firewall?

I really don't want to enable to the Linux firewall ... all of this is
behind a Cisco firewall with restrictive ACLs, even though I'm using
public IPs on this machine.

root@lb1:~# lsmod | grep ftp
ip_vs_ftp              13079  0
ip_vs                 136629  2 ip_vs_ftp
nf_nat                 21841  1 ip_vs_ftp

If I have to enable the firewall, then I will need help configuring it.
In addition to being a load balancer, this machine also serves as a
router -- the only way to access the back-end servers, even directly by
private IP, is by routing through it.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1453180

Title:
  Passive FTP is not handled properly by the ip_vs_ftp module

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  I have a setup on CentOS 5 (kernel 2.6.18-128.1.6.el5.centos.plus,
  ipvsadm v1.24, ldirectord v1.186-ha-2.1.3) that handles this
  perfectly.  I'm migrating because the software on that system is very
  old.

  After migrating the config to Ubuntu 14, fully updated with aptitude,
  only active FTP works.  The kernel is 3.13.0-52-generic, ipvsadm is
  v1.26, and ldirectord is v1.186-ha -- all are installed from Ubuntu
  packages.

  root@lb1:~# lsb_release -rd
  Description:    Ubuntu 14.04.2 LTS
  Release:        14.04
  root@lb1:~# uname -a
  Linux lb1 3.13.0-52-generic #86-Ubuntu SMP Mon May 4 04:32:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

  Passive FTP, which should be handled by the ip_vs_ftp module, doesn't
  work properly.  The control channel works, but data connections don't
  establish.  The ip_vs_ftp module is loaded from /etc/rc.local and the
  system has been rebooted a number of times.  The ldirectord process is
  not started by upstart, it is started by pacemaker.

  The LVS load balancer is being configured by ldirectord.  This is the
  ldirectord config:

  checktimeout=5
  checkinterval=10
  negotiatetimeout=20
  autoreload=yes
  logfile="/var/log/ldirectord.log"
  quiescent=no

  virtual=XX.XXX.XXX.71:21
          fallback=127.0.0.1:21
          real=10.100.2.61:21 masq 65535
          real=10.100.2.60:21 masq 1
          service=ftp
          request="monitortest.txt"
          receive="good"
          login="lbtest"
          passwd="PASSWD"
          scheduler=wrr
          protocol=tcp
          checktype=negotiate

  On both CentOS 5 and Ubuntu 14, the machine has actual public IP
  addresses on it, and that virtual address is a public IP.  The
  firewall is disabled.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-52-generic 3.13.0-52.86
  ProcVersionSignature: Ubuntu 3.13.0-52.86-generic 3.13.11-ckt18
  Uname: Linux 3.13.0-52-generic x86_64
  AlsaDevices:
   total 0
   crw-rw---- 1 root audio 116,  1 May  7 22:02 seq
   crw-rw---- 1 root audio 116, 33 May  7 22:02 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.14.1-0ubuntu3.10
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: [Errno 2] No such file or directory: 'iw'
  Date: Fri May  8 09:15:14 2015
  HibernationDevice: RESUME=UUID=cbeacb5e-cd21-4b18-a72f-7d6ebaec9c40
  IwConfig:
   lo        no wireless extensions.
   
   em2       no wireless extensions.
   
   em1       no wireless extensions.
  MachineType: Dell Inc. PowerEdge R320
  PciMultimedia:
   
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-52-generic root=UUID=58c5cea9-08d7-41d7-8950-cd1c5ff86cde ro splash quiet vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-52-generic N/A
   linux-backports-modules-3.13.0-52-generic  N/A
   linux-firmware                             1.127.11
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/10/2014
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 2.3.3
  dmi.board.name: 0KM5PX
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A02
  dmi.chassis.type: 23
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvr2.3.3:bd07/10/2014:svnDellInc.:pnPowerEdgeR320:pvr:rvnDellInc.:rn0KM5PX:rvrA02:cvnDellInc.:ct23:cvr:
  dmi.product.name: PowerEdge R320
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1453180/+subscriptions
References

[Bug 1453180] [NEW] Passive FTP is not handled properly by the ip_vs_ftp module
From: Shawn Heisey, 2015-05-08