Re: [lvs-users] TCP Connection Sync Problems RHEL

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, <lloyd_brown@xxxxxxx>
Subject: Re: [lvs-users] TCP Connection Sync Problems RHEL
From: "Frank Kirschner" <frank@xxxxxxxxxxxx>
Date: Wed, 30 Jul 2014 09:44:15 +0200
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf 
> Of Lloyd Brown
> Sent: Tuesday, July 29, 2014 4:41 PM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [lvs-users] TCP Connection Sync Problems RHEL
> 
> Frank,
> 
> Okay.  So disabling SELinux didn't seem to have any effect.  
> But adding iptables rules like these (from 
> /etc/sysconfig/iptables), seemed to get the connection 
> information syncing between directors:
> 
> > #IPVS connection syncing for keepalived
> > -A INPUT -d 224.0.0.81/32 -s 192.168.25.9/32 -j ACCEPT
> > -A INPUT -d 224.0.0.81/32 -s 192.168.25.10/32 -j ACCEPT
> 
> In this state the connections are still getting stuck in the 
> ESTABLISHED state, instead of transitioning to FIN_WAIT.  But 
> when I flush the iptables entirely ("iptables -F" or "service 
> iptables stop"), they seem to transition correctly.
> 
> In general, I don't like the idea of leaving the iptables 
> completely empty, so I guess I'll have to figure out what 
> specific traffic is getting blocked, that is causing the 
> connections to get stuck in ESTABLISHED.  If anyone has any 
> pointers on that one, I'd be glad to hear it.

Lloyd,

Hmm, it's senselessly doubled, but can you please try out what happens if you
add this as the first line:

# /sbin/iptables -I INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# /sbin/service iptables save

Do you have any OUTPUT rules in your iptables set?
After disabling SELinux, have you rebooted the system?

hope that helps,
best regards
Frank



==============================
Frank Kirschner
IT Services
Celebrate Records GmbH
Am Birkenwaeldchen 2
09366 Stollberg
Germany
mail: frank@xxxxxxxxxxxx
web: www.celebrate.de
fon: +49 37296 9201 60
fax: +49 37296 9201 75
CEO: Carsten Haupt
USt ID: DE 812 617 147
Registered at Country Court Chemnitz
HRB ID: 16308
------------------------------
PGP-Key is available at pgp.mit.edu
------------------------------




_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
