LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: ipvs + source nat

from [trietz] [Permanent Link]
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: ipvs + source nat
From: trietz <trietz@xxxxxxxxxxx>
Date: Thu, 19 Oct 2006 15:22:24 +0200
Ok, because i can't find the reason for the invalid packages, I searched for a workaround to drop them. 
My solution:

1. Patch my kernel sources with the ipvs_nfct patch.

2. Activate conntrack:
echo 1 > /proc/sys/net/ipv4/vs/conntrack

3. Add the following iptables rule on the director:

   iptables -A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP
   iptables -A FORWARD -i eth2 -o eth0 -m state --state INVALID -j DROP

That's it.

Thomas
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ipvs + source nat, trietz
Next by Date:  Traffic to a "dead" server, Casey Zacek
Previous by Thread:  Re: ipvs + source nat, trietz
Next by Thread:  New system, higher active connections?, H. Wade Minter
Indexes:  [Date] [Thread] [Top] [All Lists]