ipvs + source nat

trietz trietz at t-ipnet.net
Thu Oct 19 14:23:24 BST 2006


Ok, because I can't find the reason for the invalid packets, I searched 
for a workaround to drop them.
My solution:

1. Patch my kernel sources with the ipvs_nfct patch.

2. Activate conntrack:

    echo 1 > /proc/sys/net/ipv4/vs/conntrack

3. Add the following iptables rule on the director:

    iptables -A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP
    iptables -A FORWARD -i eth2 -o eth0 -m state --state INVALID -j DROP

That's it.

Thomas
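
Added example, not part of Thomas's message: because `iptables -A` appends, the DROP rules from step 3 only take effect if no earlier FORWARD rule accepts the same traffic first. The sketch below audits `iptables -S FORWARD` output for that; the sample ruleset and the function names are constructed for illustration, and it deliberately ignores negated matches and jumps to user-defined chains.

```shell
#!/bin/sh
# Audit FORWARD rules for the INVALID-drop workaround on an LVS director.
# On a live director, feed it real data: iptables -S FORWARD | check_invalid_drop eth1 eth0

# Constructed sample of `iptables -S FORWARD` output (not taken from the post).
sample_rules() {
cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state INVALID -j DROP
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state INVALID -j DROP
EOF
}

# check_invalid_drop IN_IF OUT_IF   (rules on stdin)
# Prints: ok       - DROP for INVALID exists and is reached
#         shadowed - DROP exists, but an earlier stateless ACCEPT wins
#         missing  - no DROP for INVALID on this path
check_invalid_drop() {
    awk -v in_if="$1" -v out_if="$2" '
    # Return the value following option opt in the current rule, or "".
    function optval(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        i_ = optval("-i"); o_ = optval("-o"); tgt = optval("-j")
        st = optval("--state")                    # -m state
        if (st == "") st = optval("--ctstate")    # -m conntrack
        # Skip rules bound to a different input or output interface.
        if ((i_ != "" && i_ != in_if) || (o_ != "" && o_ != out_if)) next
        if (tgt == "DROP" && st ~ /(^|,)INVALID(,|$)/) {
            print (shadow ? "shadowed" : "ok"); found = 1; exit
        }
        # An earlier ACCEPT without a state match takes the packet first.
        if (tgt == "ACCEPT" && st == "") shadow = 1
    }
    END { if (!found) print "missing" }
    '
}

# Stand-alone demonstration on the constructed sample.
for ifc in eth1 eth2; do
    printf '%s -> eth0: %s\n' "$ifc" "$(sample_rules | check_invalid_drop "$ifc" eth0)"
done
```

A "shadowed" result means the DROP rule should be moved ahead of the ACCEPT, for example by using `iptables -I FORWARD` instead of `-A`.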


