|
I don't understand where you want to go... If I have no iptables rule,
all is OK as I say in my first message. The problem is I use iptables to
do state filtering and all FIN / RST packet are seen as INVALID (instead
of ESTABLISHED...).
The solution mustn't be to remove iptables rules ;)
Nobody have this problem ? I think this behavior can be observed on all
directors with iptables... (I run
2.6.18-4-686-bigmem on Debian machine with iptables 1.3.6.0debian1-5 and
keepalived 1.1.13-1)
Dimitri
Joseph Mack NA3T a écrit :
> On Mon, 21 Jul 2008, Dimitri GOURDON wrote:
>
>> Hi all,
>>
>> I've setup LVS on a box using Keepalived (and Iptables) to load balance
>> traffic between 2 web servers. I have a problem :
>>
>> A lot of TCP packets with FIN or RST flags (all I think) are dropped by
>> Iptables as state INVALID. The consequence is that I have a lot of
>> connection in FIN_WAIT state (shown by netstat) on the 2 web servers...
>>
>
> do you get the problem without the iptables rules?
>
> Joe
>
>
|
