On Sun, 3 Jun 2007, harry gaillac wrote:

> Hello,
>
> I use ldirectord/ipvsadm on a box (Debian Etch) where
> netfilter is running with stateful rules.
>
> I read
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
>
> I tested the mail service into the real servers via
> LVS_NAT without stateful rules (netfilter); it's OK!
>
> When I load stateful rules, a connection is opened
> between an external mail server (client) and my real
> servers, but the TCP session seems to be waiting.
>
> Is there a solution to run on the same box
> netfilter/ipvsadm with stateful rules?
> Is it the ip_vs_nfct module or something else?

There are some collisions between iptables and LVS. There are more collisions with LVS-NAT. There is a whole bunch of code around in patches to address this problem, but they aren't in the code and haven't been tested. While the situation is in the air like this, I haven't kept track of what solves what. I believe most of what you want is in the nfct patches.

If this doesn't work, then you can either go to LVS-DR or move your stateful filtering to an external box.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
