OK, I think I found the problem.
If I comment out this firewall rule, all is good.
-A INPUT -m state --state INVALID -j REJECT
But now I would like to know why this rule blocks the FIN ACK state
packet.
If anybody knows the answer, thanks for posting it.
Laurent
-----Original Message-----
From: lvs-users-bounces+techp=a-h-t-c.com@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces+techp=a-h-t-c.com@xxxxxxxxxxxxxxxxxxxxxx] On
behalf of techp@xxxxxxxxxxx
Sent: Thursday, December 8, 2005 18:05
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: problem with LVS-NAT and FIN ACK tcp flag
Hello,
I have a problem with the end of TCP connections.
I use an LVS (lvs-nat) box on Fedora Core 4 with the latest kernel (2.6) and
two web servers on Fedora too.
When a user sends a FIN ACK to the LVS box, the LVS sends the user 'icmp 48:
tcp port http unreachable'.
The LVS box doesn't send the FIN ACK to the real server either.
So both have active connection states pending.
With the 'ipvsadm -Lcn' command I get a lot of FIN_WAIT.
Does anybody have an idea?
Thx in advance
Laurent N.
PS: Sorry for my bad English.