Installation guide
112 Chapter 9. Setting Up a Red Hat Enterprise Linux LVS Cluster
pasv_address=X.X.X.X
Replace X.X.X.X with the VIP address of the LVS system.
For configuration of other FTP servers, consult the respective documentation.
This range should be a wide enough for most situations; however, you can increase this
number to include all available non-secured ports by changing 10000:20000 in the com-
mands below to 1024:65535.
iptables
/sbin/iptables -t mangle -A PREROUTING -p tcp \
-d n.n.n.n/32 \
--dport 21 -j MARK --set-mark 21
/sbin/iptables -t mangle -A PREROUTING -p tcp \
-d n.n.n.n/32 \
--dport 10000:20000 -j MARK --set-mark 21
In the above iptables commands, n.n.n.n should be replaced with the floating IP for
the FTP virtual server defined in the VIRTUAL SERVER subsection of Piranha Config-
uration Tool. These commands have the net effect of assigning any traffic addressed to the
floating IP on the appropriate ports a firewall mark of 21, which is in turn recognized by
IPVS and forwarded appropriately.
Warning
The commands above take effect immediately, but do not persist through a reboot of
the system. To ensure network packet filter settings are restored after a reboot, see
Section 9.5 Saving Network Packet Filter Settings
Finally, you need to be sure that the appropriate service is set to activate on the proper
runlevels. For more on this, refer to Section 8.1 Configuring Services on the LVS Routers.
9.5. Saving Network Packet Filter Settings
After configuring the appropriate network packet filters for your situation, save the settings
so they get restored after a reboot. For iptables, type the following command:
/sbin/service iptables save