List: linux-virtual-server
Subject: Re: ipvs + source nat
From: trietz <trietz () t-ipnet ! net>
Date: 2006-10-19 13:23:24
Message-ID: 45377C4C.7020205 () t-ipnet ! net
OK, because I can't find the reason for the invalid packages, I searched
for a workaround to drop them.

My solution:

1. Patch my kernel sources with the ipvs_nfct patch.

2. Activate conntrack:

    echo 1 > /proc/sys/net/ipv4/vs/conntrack

3. Add the following iptables rule on the director:

    iptables -A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP
    iptables -A FORWARD -i eth2 -o eth0 -m state --state INVALID -j DROP

That's it.

Thomas
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
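
One way to verify steps 2 and 3 of the workaround above on a director, as an added example that is not part of the original post. The function names and the sample rule dump are constructed; the sysctl path and the interface names are the ones from the message.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# rule dump are constructed for illustration.

# Step 2 check: succeed if the IPVS conntrack sysctl file ($1, defaulting to
# the path used in the post) contains 1.
vs_conntrack_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/vs/conntrack}" 2>/dev/null)" = 1 ]
}

# Step 3 check: read `iptables -S FORWARD` style lines on stdin and succeed
# if one of them drops INVALID packets arriving on $1 and leaving on $2.
# Accepts both "-m state --state" and "-m conntrack --ctstate" spellings.
has_invalid_drop() {
    in_if=$1 out_if=$2
    while IFS= read -r rule; do
        case "$rule" in "-A FORWARD "*) ;; *) continue ;; esac
        # Negated matches ("! -i eth1") mean the opposite; never count them.
        case " $rule " in *" ! "*) continue ;; esac
        case " $rule " in *" -i $in_if "*) ;; *) continue ;; esac
        case " $rule " in *" -o $out_if "*) ;; *) continue ;; esac
        case " $rule " in *" -j DROP "*) ;; *) continue ;; esac
        case " $rule " in
            *" --state INVALID "*|*" --ctstate INVALID "*) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample: the eth1 rule from the post is present, the eth2 one
# was never added (only an unrelated ACCEPT rule exists for eth2).
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Report on the sample. On a live director, replace sample_rules with
# `iptables -S FORWARD` (needs root) and also call vs_conntrack_on.
for pair in eth1:eth0 eth2:eth0; do
    if sample_rules | has_invalid_drop "${pair%%:*}" "${pair##*:}"; then
        echo "$pair: INVALID drop rule present"
    else
        echo "$pair: INVALID drop rule MISSING"
    fi
done
```

The check only confirms that the rules exist; it does not inspect rule order. Because the rules in the message are appended with -A, an earlier FORWARD rule that accepts the same traffic is evaluated first.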