'no hit' for LVS connection tracking (SYN+ACK not translated)

Julian Anastasov ja at ssi.bg
Fri Aug 26 06:25:34 BST 2005


On Thu, 25 Aug 2005, Jari Takkala wrote:

> Hello,
> Has anyone been able to look at this problem? Would Julian or Joe have an idea of why this is occurring? Can anyone offer me any pointers on where I could continue with my troubleshooting?

	I can not reproduce it, i tried with 2.4.32-pre3 as it contains
some changes. Can you show your vs settings?:

grep . /proc/sys/net/ipv4/vs/*

	So, you don't have any iptables rules, fwmarking, NAT or
linux ethernet bridging? Any extra patches for IPVS?

	From your explanation ip_vs_ftp leads to problems where SYN
creates web connection, it is hashed in table, DNAT-ed to RS, then RS
replies SYN+ACK which can not match the connection in table, it looks
like this connection is not present (may be removed, do you see something
in debug logs from the SYN to the SYN+ACK) or hash table is damaged. Do 
you still think it is caused by ip_vs_ftp? About your tests, is the
client IP on lan? Do you think this client IP has many connections to
the director?


Julian Anastasov <ja at ssi.bg>

More information about the lvs-users mailing list