Passive/Active FTP and LVS
Posted by Jason Hawkins / November 7, 2008
FTP is pretty much taken for granted, and is the often-overlooked de facto method for back-end updates and scripted data transfer. In fact, I personally only ever use SFTP, and if I need to automate such things I use rsync tunneled through SSH. So it comes as no surprise that a lot of programmers (read that as developers) use what’s easiest and most prevalent, hence a lot of client applications using the far simpler FTP protocol.
No, I am not going to go into a security rant, something about clear text passwords and transparent payloads. Convenience and perceived cost-savings beat security every time; and you would be naive to think otherwise.
We have an LVS cluster that requires both passive and active FTP. Now, active is easy. There are plenty of handlers/helpers in iptables and IPVS to negotiate and connection-track active FTP.
OK, next will be the quickest summary I can come up with of the differences between active and passive FTP.
To be continued …