I came across a very strange problem.
For one of my dozen of services ( a straight TCP connection), the
TCP-FIN packets that are arriving on the load balancer are never passed
to the real server.
I activated the logs of iptable and could see the FIN packets being dropped.
No idea why the FIN are dropped and not the other ones. I obviously have
the --state ESTABLISHED,RELATED -j ACCEPT in my iptable rules.
I had a quick look at /proc/net/ip_conntrack before, during and after
the connection but nothing specific to that connection seems to be
inserted (the module is loaded and other traffic gets tracked).
Google doesn't really help. Someone had a similar problem last year but
was never publicly solved.
If someone had the same issue and managed to solve it, I'd be glad to
hear from you.
--
Thomas
|