ldirectord appears to cause iptable traversal issue

Brian Jenkins bjenkins at monex.com
Tue Oct 24 02:51:39 BST 2006


Yes I have.  And absent the inclusion of Ldirectord, the system 
firewalls and load balances very well.  It's when I add Ldirectord that 
the INPUT chain traversal path gets weird.  Specifically, I can match 
the packet when doing logging, but when I try to accept it, using the 
same matching fields, the packet appears to jump to the end of the 
chain.  It's the strangest thing.  One thing I didn't mention in my 
earlier email is that I have not patched the kernel to take advantage of 
state matching in my firewall script.  But, the articles you mention 
don't seem to indicate that it's a requirement for doing 
firewalling/load balancing/monitoring.

I really appreciate your feedback as I've been working on this night and 
day for over a week, and I really want to use these technologies.

Many thanks.


> On Mon, 23 Oct 2006, Brian Jenkins wrote:
>> Hi all:
>> I'm running lvs on my firewall and everything works well.
> since you're running LVS-NAT, have you read
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#lvs_nat_problems 
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
> ?
> Joe
