On Wed, 10 Sep 2008, Brian Ghidinelli wrote:

> I'm trying to fix the problem of return packets from my
> real servers being killed as INVALID when combining
> iptables + lvs (in my case, keepalived).

I assume you're doing stateful filtering. This isn't compatible with LVS; for LVS-DR because the return packets don't go through the director, for LVS-NAT because LVS-NAT reroutes packets so netfilter doesn't see them.

The simple suggestion then is to turn off stateful filtering.

The more complicated suggestion is to apply Siim Pedr's patch for LVS-NAT stateful filtering (look in the archives, it was about 2 months ago). Siim's patches will be in some future release of ip_vs(), but this won't help you now. Siim's patches tell netfilter to ignore packets controlled by LVS, which puts you back into the simple solution above, but it does handle the situation where people just have to have stateful filtering.

There isn't a solution for LVS-DR, although Siim's code should be able to be extended to cover LVS-DR, if anyone wants to sit down and do it.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
