
Re: ipvs + source nat

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: ipvs + source nat
From: trietz <trietz@xxxxxxxxxxx>
Date: Thu, 19 Oct 2006 15:23:24 +0200
Ok, because I can't find the reason for the invalid packages, I searched for a workaround to drop them.
My solution:

1. Patch my kernel sources with the ipvs_nfct patch.

2. Activate conntrack:

   echo 1 > /proc/sys/net/ipv4/vs/conntrack

3. Add the following iptables rule on the director:

   iptables -A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP
   iptables -A FORWARD -i eth2 -o eth0 -m state --state INVALID -j DROP

That's it.

Thomas
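
An added example, not part of the post above: a shell audit of the workaround that checks the sysctl reads 1 and that each INVALID DROP rule is present and not preceded by an unconditional ACCEPT (rules added with -A land at the end of the chain). The function names and sample rulesets are constructed, and the parser assumes `iptables -S FORWARD` output format.

```sh
#!/bin/sh
# Added example: audit a director for the workaround in the post above.
# eth0/eth1/eth2 and the sysctl path come from the post; function names
# and sample rulesets are constructed for illustration.

# conntrack_enabled [FILE]: succeeds if the IPVS conntrack sysctl reads 1.
conntrack_enabled() {
    f=${1:-/proc/sys/net/ipv4/vs/conntrack}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# invalid_drop_status RULES IN OUT
# RULES is text in `iptables -S FORWARD` format. Prints one of:
#   ok        INVALID DROP rule for IN->OUT exists and is reached
#   shadowed  an earlier unconditional ACCEPT takes the same traffic first
#   missing   no such DROP rule
invalid_drop_status() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" '
    function has(opt, val,   i) {
        for (i = 1; i < NF; i++) if ($i == opt && $(i+1) == val) return 1
        return 0
    }
    function has_opt(opt,   i) {
        for (i = 1; i <= NF; i++) if ($i == opt) return 1
        return 0
    }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        # Skip rules bound to a different interface; absent -i/-o is a wildcard.
        if (has_opt("-i") && !has("-i", in_if)) next
        if (has_opt("-o") && !has("-o", out_if)) next
        invalid = has("--state", "INVALID") || has("--ctstate", "INVALID")
        if (invalid && has("-j", "DROP") && has("-i", in_if) && has("-o", out_if)) {
            print (shadow ? "shadowed" : "ok"); found = 1; exit
        }
        # ACCEPT with no -m/-p/-s/-d match accepts INVALID packets too.
        if (has("-j", "ACCEPT") && !has_opt("-m") && !has_opt("-p") &&
            !has_opt("-s") && !has_opt("-d")) shadow = 1
    }
    END { if (!found) print "missing" }'
}

# Constructed sample rulesets (not from the post).
SAMPLE_OK='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP'
SAMPLE_SHADOWED='-P FORWARD ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP'
```

On a live director, pass `"$(iptables -S FORWARD)"` as RULES, once for eth1 to eth0 and once for eth2 to eth0.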


