Hi,
I've been trying to get an LVS-TUN setup working, but I've been
experiencing problems with our PIX dropping traffic.
Setup:
PIX has Internet / DMZ1 / DMZ2 networks. The switches are directly
plugged into the PIX for the respective networks.
In DMZ1 I have a LB and realserver1 (realserver1 set up for testing).
In DMZ2 I have realserver2.
Load balancing to realserver1 is working correctly, but when the
director sends the request to realserver2 I'm seeing the following on the
PIX:
%PIX-6-106015: Deny TCP (no connection) from host lb0/80 to
my.external.i.p/1083 flags SYN ACK on interface dmz2-network
I'm presuming this is because the PIX doesn't know about the connection.
I have disabled reverse-path verification on the dmz2 network.
Can anyone offer any pointers/suggestions? Apologies if this is badly
explained, drop me a mail if you think you can help and need some more
info!
Many Thanks
steve