ldirectord appears to cause iptable traversal issue
Brian Jenkins
bjenkins at monex.com
Tue Oct 24 02:51:39 BST 2006
Joe:
Yes I have. And absent the inclusion of Ldirectord, the system
firewalls and load balances very well. It's when I add Ldirectord that
the INPUT chain traversal path gets weird. Specifically, I can match
the packet when doing logging, but when I try to accept it, using the
same matching fields, the packet appears to jump to the end of the
chain. It's the strangest thing. One thing I didn't mention in my
earlier email is that I have not patched the kernel to take advantage of
state matching in my firewall script. But, the articles you mention
don't seem to indicate that it's a requirement for doing
firewalling/load balancing/monitoring.
I really appreciate your feedback as I've been working on this night and
day for over a week, and I really want to use these technologies.
Many thanks.
Brian
> On Mon, 23 Oct 2006, Brian Jenkins wrote:
>
>> Hi all:
>>
>> I'm running lvs on my firewall and everything works well.
>
> since you're running LVS-NAT, have you read
>
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#lvs_nat_problems
>
>
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
>
> ?
>
> Joe
>