
Re: [lvs-users] Iptables find invalid packets

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Iptables find invalid packets
From: Dimitri GOURDON <dgourdon@xxxxxxxxx>
Date: Mon, 21 Jul 2008 16:09:43 +0200
Joseph Mack NA3T wrote:
> On Mon, 21 Jul 2008, Dimitri GOURDON wrote:
>
>   
>> I don't understand where you want to go... If I have no iptables rule,
>> all is OK as I say in my first message.
>>     
>
> I can't find where you say that in your first message.
>
>   
I said it here:

"I have tried to accept these packets with Iptables and then, all my 
connections are terminated in a normal way (only 1-2 connection(s) stay 
in FIN_WAIT on web servers)."

>> The problem is I use iptables to do state filtering and 
>> all FIN / RST packets are seen as INVALID (instead of 
>> ESTABLISHED...).
>>     
>
> are you using LVS-DR? If so you can't use stateful filtering 
> on the director, because the director doesn't see the reply 
> packets from the realserver.
>
>   
It is a good idea but I use LVS NAT (I forgot to mention it!)

>> The solution mustn't be to remove iptables rules ;)
>>     
>
> yes it is.
>
> Joe
>
>   
Ha ha!!! I don't want to remove my iptables rules... I prefer 
to understand why these packets are INVALID and correct the problem.

Thanks for your responses !

Dimitri