On Sun, 3 Jun 2007, harry gaillac wrote:
> Hello,
>
> I use ldirectord/ipvsadm on a box (Debian Etch) where
> netfilter is running with stateful rules.
>
> I read
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
>
> I tested the mail service into the real servers via
> LVS_NAT without stateful rules (netfilter), it's OK!
>
> When I load stateful rules, a connection is opened
> between an external mail server (client) and my real
> servers, but the TCP session seems to be waiting.
>
> Is there a solution to run on the same box
> netfilter/ipvsadm with stateful rules?
> Is it the ip_vs_nfct module or something else ?
There are some collisions between iptables and LVS. There
are more collisions with LVS-NAT. There is a whole bunch of
code around in patches to address this problem, but they
aren't in the code and haven't been tested. While the
situation is in the air like this, I haven't kept track of
what solves what. I believe most of what you want is in the
nfct patches. If this doesn't work, then you can either go
to LVS-DR or move your stateful filtering to an external
box.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!