티스토리 뷰

Linux

lvs ldirectord FTP 분배 설정

CHOMAN 2025. 4. 25. 17:34

LVS 는 CENTOS7, FTP 서버는 rocky9

/etc/ha.d/ldirectord.cf

#  PASSIVE
virtual=12.34.56.165:21
    real=12.34.56.122:21 gate 20
    real=12.34.56.123:21 gate 20
    service=ftp
    scheduler=wlc
    netmask=255.255.255.255
    protocol=tcp
    checkport=21
    checktype=connect
    persistent=15

연결 유지 설정 15초, persistent=15 FTP 연결의 문제가 있으면 초를 더 늘리거나 한다

파일 전송 및 다운로드 가능하나 100%에서 세션이 멈춤

firewalld logging

/etc/firewalld/firewalld.conf

# Default: off
#LogDenied=off
LogDenied=all

/var/log/messages

Apr 23 20:22:03 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14539 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:04 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14540 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:04 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14542 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:04 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14543 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:05 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14544 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:07 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14545 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:10 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14546 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:17 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14547 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:30 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14548 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0
Apr 23 20:22:56 LVS1 kernel: STATE_INVALID_DROP: IN=em1 OUT= MAC=6c:3c:8c:7b:f0:a3:6c:3c:8c:7b:f0:03:08:00 SRC=12.34.56.210 DST=12.34.56.165 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=14549 DF PROTO=TCP SPT=48602 DPT=21 WINDOW=251 RES=0x00 ACK FIN URGP=0

해결책

conntrack 모듈에서 STATE INVALID PACKET 으로 간주하여 패킷이 드롭됨

LVS firewalld 설정

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 30000:31000 -m conntrack --ctstate INVALID -j ACCEPT
firewall-cmd --reload

각 FTP 서버 설정 vsftpd.conf

pasv_enable=YES
pasv_min_port=30000
pasv_max_port=31000

'Linux' 카테고리의 다른 글

ERR_SSL_PROTOCOL_ERROR (0)	2023.10.06
yum repo 모두 다운받기 (0)	2023.01.13
centos5 M2Crypto.SSL.SSLError: unknown protocol (1)	2023.01.06
gitlab upgrade (깃랩 업그레이드) (0)	2021.11.11
Consider increasing /proc/sys/fs/inotify/max_user_watches (0)	2021.06.18

공유하기 링크

페이스북
카카오스토리
트위터

공지사항

최근에 올라온 글

최근에 달린 댓글

Total

Today

Yesterday

링크

TAG more

« 2025/05 »
일	월	화	수	목	금	토
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

글 보관함

KENSEI IT BLOG

티스토리 뷰

lvs ldirectord FTP 분배 설정

/etc/ha.d/ldirectord.cf

파일 전송 및 다운로드 가능하나 100%에서 세션이 멈춤

해결책

'Linux' 카테고리의 다른 글

티스토리툴바