Brian Ghidinelli wrote:
> A blanket ACCEPT rule on outgoing traffic doesn't seem very secure for a firewall, though.

It isn't, and in my case there's a firewall in front of the LVS. Outgoing FORWARDed traffic is not the one allowed, though; it is the traffic originating on the LVS machine itself, the OUTPUT chain in the main table, which is usually left open anyway.

Since then I have noticed the INPUT chain would have blocked the same packet in the same configuration, so both INPUT and OUTPUT need to have a stateless ACCEPT on that TCP port for the LVS to work.

--
Laurentiu
