Rodre Ghorashi-Zadeh wrote:
In regards to my problem I still can't get the reply packets, once
SNAT-ed, sent to the realserver, and sent back to the director to be
accepted by the director and sent back to the client. I am thinking it
might have something to do with some of the /proc/sys/net/ipv4
params, anyone have any ideas? I am totally stumped.
Rod,
I assume you can see reply packets on your director incoming interface
(with tcpdump or something like this). I would advise you to set up some
iptables rules just for tracing your missing packets. You should be able
to detect them in PREROUTING mangle, FORWARD mangle and filter, then
POSTROUTING mangle. You could also check if they are seen by conntrack,
just examine /proc/net/ip_conntrack for status of corresponding entries.
If you suspect packets could be dropped by routing logic (rp_filter
set?), try setting /proc/sys/net/ipv4/conf/<iif>/log_martians to 1,
maybe you get some messages in your syslog. If you still get no results,
please send some output you get, maybe I can help.
Cheers,
Janusz
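
The tracing steps from the reply above, as an added example that is not part of the original message: it prints LOG rules for each hook a forwarded reply passes through, plus the log_martians and conntrack checks, so they can be reviewed before being piped to a root shell. Matching on the realserver's source address is an assumption, and 192.0.2.10 and eth1 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands only; nothing is applied.
# Usage: sh trace.sh <realserver-ip> <incoming-interface>   (review, then pipe to sh as root)

# trace_rules ACTION RIP: ACTION is -I (insert rules) or -D (remove them again).
trace_rules() {
    action=$1 rip=$2
    case "$action" in -I|-D) ;; *) echo "action must be -I or -D" >&2; return 1 ;; esac
    # Accept only digits and dots so the output is safe to pipe into a shell.
    case "$rip" in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac
    # table:chain pairs in the order a forwarded packet traverses them.
    for hook in mangle:PREROUTING mangle:FORWARD filter:FORWARD mangle:POSTROUTING; do
        table=${hook%%:*} chain=${hook##*:}
        # The LOG prefix is limited to 29 characters; the longest one here is 26.
        printf 'iptables -t %s %s %s -s %s -j LOG --log-prefix "trace-%s-%s: "\n' \
            "$table" "$action" "$chain" "$rip" "$table" "$chain"
    done
}

# martian_cmd IIF: log packets the routing code rejects (e.g. because of rp_filter).
martian_cmd() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    printf 'echo 1 > /proc/sys/net/ipv4/conf/%s/log_martians\n' "$1"
}

# conntrack_cmd RIP: show conntrack entries involving the realserver.
# The trailing space stops 192.0.2.1 from also matching 192.0.2.10.
conntrack_cmd() {
    case "$1" in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac
    printf "grep 'src=%s ' /proc/net/ip_conntrack\n" "$1"
}

if [ "$#" -eq 2 ]; then
    trace_rules -I "$1" && martian_cmd "$2" && conntrack_cmd "$1"
fi
```

The last prefix that shows up in syslog for a given packet marks the final hook it reached; calling trace_rules with -D prints the matching cleanup commands.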