On 10/03/2012 08:46 AM, Manish Kathuria wrote:
I was under the impression that you are running an FTP server inside and were facing problems with the incoming traffic for the same. If you are primarily concerned with the outgoing traffic through two ISP links, please follow the following steps:
1. Refer to http://www.ssi.bg/~ja/nano.txt for creating your rules.
2. Recompile the kernel after applying Julian Anastasov's routes patch (the URL is there in the earlier messages).
3. Make a script to check the status of the links and change the default gateway accordingly. Let me know if you need a script.
4. Make sure that your firewall (iptables) is stateful and allows related and established connections and the NAT and connection tracking modules (nf_conntrack, nf_conntrack_ftp, nf_nat and nf_nat_ftp) are loaded.
I have followed this approach at a number of places without any problems related to FTP or other protocols. The only issue I faced was that the patch failed for all the CentOS 5.x kernels I tried (perhaps due to some conflict with an existing patch). But it's working perfectly for the kernels in CentOS 6 and 6.1.
Thanks,
Manish
Hi Manish,
Thanks for the response. It is good to know there is a general solution. It is too bad that the referenced patches were never merged into the main kernel tree, forcing people to have to build and maintain their own kernel.
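
Step 4 of the quoted instructions can be checked mechanically. The following is an added example, not part of either message: a POSIX shell audit that reads a saved copy of /proc/modules and of iptables-save output and reports missing helper modules or a missing RELATED,ESTABLISHED accept rule. The function names, the choice of the FORWARD chain and the sample snapshots are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit step 4 from saved snapshots of the gateway's state.
#   $1 = copy of /proc/modules    $2 = output of iptables-save
REQUIRED_MODULES="nf_conntrack nf_conntrack_ftp nf_nat nf_nat_ftp"

# Print every required module missing from the /proc/modules snapshot.
# Caveat: code built into the kernel never appears in /proc/modules.
missing_modules() {
    for m in $REQUIRED_MODULES; do
        # each /proc/modules line starts with the module name and a space
        grep -q "^$m " "$1" || printf '%s\n' "$m"
    done
}

# Succeed only if a FORWARD rule accepts both RELATED and ESTABLISHED state.
has_stateful_forward() {
    awk '/^-A FORWARD / && /-j ACCEPT/ {
             for (i = 1; i < NF; i++)
                 if ($i == "--state" || $i == "--ctstate") {
                     s = "," $(i + 1) ","
                     if (index(s, ",RELATED,") && index(s, ",ESTABLISHED,")) ok = 1
                 }
         }
         END { exit (ok ? 0 : 1) }' "$1"
}

# Report both findings; return non-zero if either check fails.
audit() {
    rc=0
    miss=$(missing_modules "$1")
    [ -z "$miss" ] || { echo "missing modules:" $miss; rc=1; }
    has_stateful_forward "$2" || { echo "no RELATED,ESTABLISHED accept in FORWARD"; rc=1; }
    return $rc
}

# Constructed sample snapshots (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/modules" <<'EOF'
nf_nat 22759 1 iptable_nat, Live 0xffffffffa0300000
nf_conntrack_ftp 12913 0 - Live 0xffffffffa02f0000
nf_conntrack 79758 3 nf_nat,nf_conntrack_ftp, Live 0xffffffffa02c0000
EOF
cat > "$SAMPLE_DIR/rules" <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT
EOF
audit "$SAMPLE_DIR/modules" "$SAMPLE_DIR/rules" || echo "gateway not ready for FTP through NAT"
```

On a live gateway the same functions can be pointed at `/proc/modules` and a file produced by `iptables-save`.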