LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] solved: last FIN-ACK eaten (by iptables)

from [Laurentiu C. Badea (L.C.)] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] solved: last FIN-ACK eaten (by iptables)
From: "Laurentiu C. Badea (L.C.)" <lc@xxxxxxxx>
Date: Thu, 11 Sep 2008 14:58:08 -0700 
Joseph Mack NA3T wrote:
> 
> Did you see Siim Pedr's patch for stateful LVS-NAT filtering 
> about 2 months ago (look in the archives)

I have seen a few patches in the archives related to netfilter and LVS 
but I preferred to use stock parts for ease of maintenance and reduced 
probability of accidental wreck. Hopefully some of those will make it 
into mainstream.

The current setup seems to work except for a minor annoyance - the 
netfilter conntrack table still has the connections, when I would have 
expected that to be almost empty, given that LVS steals the packets from 
nf. The connections display as UNREPLIED and originating on the RIP:80 
so they aren't "real" but I'm curious which packets from the real server 
triggered them.

--
Laurentiu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [lvs-users] RHEL/CentOS + Antefacto?, Jason Stubbs
Next by Date:  Re: [lvs-users] solved: last FIN-ACK eaten (by iptables), Brian Ghidinelli
Previous by Thread:  Re: [lvs-users] solved: last FIN-ACK eaten (by iptables), Joseph Mack NA3T
Next by Thread:  Re: [lvs-users] solved: last FIN-ACK eaten (by iptables), Brian Ghidinelli
Indexes:  [Date] [Thread] [Top] [All Lists]