>Looking at the documentation for ipvsadm it seems that in order to run ipvsadm
>on a director that is also running a nat-firewall you have to patch the
>kernel with the ipvs_nfct patch.
>Can someone please confirm that that this is correct?
I can tell you that if you try to make it work without the patch, you will eat
your hat. It causes a bunch of strange things to fail. In my case, I saw a
situation in which, during some edge cases, the kernel would drop the "fin"
packet for LVS connections. Fun stuff.
I highly doubt your problem has anything to do with the patch, though. It
didn't change any behavior for us.
Linux Systems Engineer
Mailtrust, a division of Rackspace
Please read the documentation before posting - it's available at:
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users