Passive/Active FTP and LVS



FTP is pretty much taken for granted, and is the often-overlooked de facto method for back-end updates and scripted data transfer. In fact, I personally only ever use SFTP, and if I need to automate such things I use rsync tunneled through SSH. So it comes as no surprise that a lot of programmers (read that as developers) use what’s easiest and most prevalent, hence a lot of client applications using the far simpler FTP protocol.

No, I am not going to go into a security rant, something about clear-text passwords and transparent payloads. Convenience and perceived cost savings beat security every time, and you would be naive to think otherwise.

The Problem

We have an LVS cluster that requires both passive and active FTP. Now, active is easy. There are plenty of handlers/helpers in iptables and IPVS to negotiate and connection-track active FTP.

OK, next will be the quickest summary I can come up with of the differences between active and passive FTP.

To be continued …

