
LVS-DR + ipvs_nfct does not work

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: LVS-DR + ipvs_nfct does not work
From: Alexander Piavka <piavka@xxxxxxxxxxxx>
Date: Tue, 21 Dec 2004 12:36:40 +0200 (IST)
Hi,

I have an LVS-DR setup. The director has an iptables firewall
but is NOT the default gateway of the realservers, thus it sees packets
in one direction only.

The LVS doc states that:
IPVS always knows the conn state (NEW/RELATED/ESTABLISHED), it is
simply exported to the netfilter conntracking.
by the ipvs_nfct patch, as I understand.

I've recompiled the director with the ipvs_nfct patch
and enabled it with:
echo 1 > /proc/sys/net/ipv4/vs/conntrack

But the connection tracking iptables rules still work in the same way:
the state of connections is always NEW without the SYN flag (except the
first packet) and is not moved to ESTABLISHED.

Does that mean that the patch does not work as expected? As Julian
states in the LVS doc, this patch should work when the director is not the
gateway of the realservers also.

Please advise.

