Re: [lvs-users] LVS-NAT on firewall

To: jbaxter@xxxxxxxxxxxxx
Subject: Re: [lvs-users] LVS-NAT on firewall
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: jason.faulkner@xxxxxxxxxxxxx
Date: Thu, 9 Apr 2009 10:44:51 -0400 (EDT)
>Looking at the documentation for ipvsadm it seems that in order to run ipvsadm 
>on a director that is also running a nat-firewall you have to patch the 
>kernel with the ipvs_nfct patch. 
>Can someone please confirm that this is correct?

I can tell you that if you try to make it work without the patch, you will eat 
your hat. It causes a bunch of strange things to fail. In my case, I saw a 
situation in which, during some edge cases, the kernel would drop the "fin" 
packet for LVS connections. Fun stuff.

I highly doubt your problem has anything to do with the patch, though. It 
didn't change any behavior for us.

Jason Faulkner 
Linux Systems Engineer
Mailtrust, a division of Rackspace
