Bug or "feature"?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Bug or "feature"?
From: Klavs Klavsen <kl@xxxxxxx>
Date: Wed, 15 Dec 2004 19:27:10 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

I am running LVS with a NAT setup (kernel 2.4.27) and have noticed a
serious problem (with how it works with Netfilter), and I wanted to
know whether it really is a bug - or a "feature"?

What I've noticed is that when I get requests to my virtual addresses,
it forwards these to the realservers - but apparently the request is
NOT added to the Netfilter ESTABLISHED table - so the response from the
realserver is not allowed out - unless I specifically allow everything out
from the realservers' service ports (http and https in this case) :(

Am I just mistaken, in thinking a connection established from the
outside should be added to the LVS (with the "by LVS" rewritten
address), so it will match an ESTABLISHED on the way out?

Thank you in advance
- --
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62

"Those who do not understand Unix are condemned to reinvent it, poorly."
~  --Henry Spencer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBwIH+PToLeX4GPGIRAjtYAJ4tNWAAsIwu4wyVeG9NlcDOfchhSACfYNa8
bTyBIwyrVWB4/BGhDx5HbWo=
=Hk8k
-----END PGP SIGNATURE-----