> > You can check if you configured it correctly by doing an 'arping VIP' > > from a client (not the director / realserver!) and watching the output. > > You should see replies coming from one MAC address. This would be the > > MAC of the interface on the director that's serving the VIP. > >
Things work much better. The lost connections were because of iptables. I have this rule early on for server that has the director. I guess the ACK FIN is an technically an invalid state... -A INPUT -p tcp -m conntrack --ctstate INVALID -j LOG --log-prefix "FW-I BF: " -A INPUT -p tcp -m conntrack --ctstate INVALID -j REJECT --reject-with icmp-port-unreachable Apr 26 04:36:02 wall1 kernel: FW-I BF: IN=br0 OUT= PHYSIN=eth1 MAC=00:50:56:b1:63:bc:00:0c:29:92:be:b7:08:00 SRC=10.80.66.24 DST=10.80.55.11 LEN=52 TOS=0x08 PREC=0x00 TTL=64 ID=40835 DF PROTO=TCP SPT=52114 DPT=3917 WINDOW=363 RES=0x00 ACK FIN URGP=0 > > > > > > Léon > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
