On Fri, 2007-11-30 at 12:28 +0000, Steve Drew wrote:
> Load balancing to Realserver1 is working correctly, but when the
> director sends the request to realserver2 I'm seeing the following on the
> PIX:
>
> %PIX-6-106015: Deny TCP (no connection) from host lb0/80 to
> my.external.i.p/1083 flags SYN ACK on interface dmz2-network
>
> I'm presuming because the PIX doesn't know about the connection.
>
> I have disabled reverse-path verification on the dmz2 network.

Hrm... Turning off reverse-path verification on dmz2 won't work, since the PIX sees lb0's address on the network attached to dmz1 and is keeping the connection table for sessions from clients to lb0 locked to that interface.

What happens if you add an explicit PERMIT rule for traffic from lb0 which is ingress traffic to the dmz2 interface?

I'd write one for you but it's so long since I drove a PIX I'd get it wrong :)

Graeme
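
Added example, not part of the original message: a small Python triage script that pulls 106015 denials out of PIX syslog and counts SYN ACKs coming from a service port, which is the signature of a reply arriving on an interface where the firewall holds no connection entry. The function names, the service port list and all sample lines except the first (taken from the quoted log) are constructed for illustration.

```python
import re
from collections import Counter

# Layout follows the 106015 line quoted in the thread; "host " is optional.
DENY_RE = re.compile(
    r"%PIX-6-106015: Deny TCP \(no connection\) from (?:host )?"
    r"(?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)

def parse_deny(line):
    """Return the fields of a 106015 message, or None for any other line."""
    m = DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    d["flags"] = frozenset(d["flags"].split())
    return d

def asymmetric_reply_suspects(lines, service_ports=(80, 443)):
    """Count denied SYN ACKs per (source, interface).

    A SYN ACK sent from a service port with no matching connection means the
    server's reply reached an interface that never saw the client's SYN.
    """
    hits = Counter()
    for line in lines:
        d = parse_deny(line)
        if d and d["flags"] == {"SYN", "ACK"} and d["sport"] in service_ports:
            hits[(d["src"], d["ifc"])] += 1
    return hits

# First line is from the thread; the rest are constructed sample input.
SAMPLE = [
    "%PIX-6-106015: Deny TCP (no connection) from host lb0/80 to "
    "my.external.i.p/1083 flags SYN ACK on interface dmz2-network",
    "%PIX-6-106015: Deny TCP (no connection) from lb0/80 to "
    "203.0.113.7/1084 flags SYN ACK on interface dmz2-network",
    "%PIX-6-106015: Deny TCP (no connection) from 203.0.113.9/2211 to "
    "lb0/80 flags RST on interface outside",
    "%PIX-6-302013: Built inbound TCP connection 4711 for "
    "outside:203.0.113.7/1084 (203.0.113.7/1084) to dmz1-network:lb0/80 (lb0/80)",
]

if __name__ == "__main__":
    for (src, ifc), n in asymmetric_reply_suspects(SAMPLE).items():
        print(f"{n} denied SYN ACK(s) from {src} on {ifc}: check return path")
```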
