|
On Thu, 17 May 2001, Julian Anastasov wrote:
> On Thu, 17 May 2001, DaP wrote:
> > 14:24:24.693701 10.1.1.1.443 > 192.168.3.31.3438: P 1:1449(1448) ack 19
> > win 31856 <nop,nop,timestamp 392454 1837743> (DF)
> You should forward this message to the Netfilter mailing list.
> What I see is that port 443 is not a part from LVS service. I don't
> know why netfilter does not forward the ICMP to the internal host.
sorry, I pasted a bad config line, port 443 is also LVS serviced.
I have this line in the config:
TCP 217.20.134.241:443 rr
-> 10.1.1.1:443 Masq 1
> > there is nothing interesting in the routing cache, the 'need to
> > frag' messages do not pass, while 'dest unreachable' do:
> > 14:24:16.688657 10.1.1.121 > 10.1.1.1: icmp: 195.228.210.26 tcp
> > port 2560 unreachable (DF) [tos 0xc0]
> What is this? -j REJECT? 1.121 and 1.1 are on the LAN, where
> is 195.228.210.26? I don't see NAT involved here.
really, another mistake.. ignore it..
now I'm going to try the debug and write you my results..
--
DaP
|
