Hi I think I need some assistance. I have a problem to understand the cooperation between ftp proxy, ipvsadm and ipchains in a Linux virtual cluster system (LVS). The LVS consists of a load balancing 'director' operating in NAT mode and also acting as an ipchains firewall. Its main purpose is to loadbalance a http and https web server. It has two interfaces, one connecting to the Internet, the other to its privat network where four real servers are. What I want to do is this: set up an ftp server on 1 realserver (no need to load balance), so that it can be accessed by ***BOTH**** active and passive ftp from outside clients. Use ftp-proxy on the director, to keep the open ports and vulnerability to a minimum. There are three configuration scripts/files which need to cooperate: ftp-proxy.conf ipvs_rules (my shell script to configure ipvsadm) ipchains_rules (our shell script to set firewall rules) My main confusion is about who does the forwarding and NAT stuff: rules for ipvsadm, or rules for ipcains, or both? I can't seem to get that part right. Has any user of the Suse ftp-proxy ever set it up on an LVS director which also had strict firewall rules to maintain? What do all the configuration settings look like (please be explicit) for ftp-prox, ipvsadm and ipchains? Alois