|
> > You can check if you configured it correctly by doing an 'arping VIP'
> > from a client (not the director / realserver!) and watching the output.
> > You should see replies coming from one MAC address. This would be the
> > MAC of the interface on the director that's serving the VIP.
> >
Things work much better. The lost connections were because of iptables. I
have this rule early on for server that has the director. I guess the ACK FIN
is an technically an invalid state...
-A INPUT -p tcp -m conntrack --ctstate INVALID -j LOG --log-prefix "FW-I BF: "
-A INPUT -p tcp -m conntrack --ctstate INVALID -j REJECT --reject-with
icmp-port-unreachable
Apr 26 04:36:02 wall1 kernel: FW-I BF: IN=br0 OUT= PHYSIN=eth1
MAC=00:50:56:b1:63:bc:00:0c:29:92:be:b7:08:00 SRC=10.80.66.24 DST=10.80.55.11
LEN=52 TOS=0x08 PREC=0x00 TTL=64 ID=40835 DF PROTO=TCP SPT=52114 DPT=3917
WINDOW=363 RES=0x00 ACK FIN URGP=0
> >
> >
> > Léon
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
| 