[lvs-users] Curl request from linux director to the virtual ip address times out
Carl S. Gutekunst
csgv1145 at zycada.com
Thu Aug 16 20:09:20 BST 2018
On 08/16/2018 11:47 AM, Viktor Nonov wrote:
> Replacing the route enabled successfully sending and delivering the SYN
> packet to one of the real servers, but the SYN-ACK packet that was received
> was considered by the kernel a martian packet since the source IP was $VIP
> (assigned to the director's local interface) and destination IP - the $DIP.
> This was solved by setting accept_local to 1:
> sysctl -w net.ipv4.conf.all.accept_local=1
>
> ....
> Not sure if setting accept_local to 1 will lead to other problems, but
> everything works okay for now.
I've been arguing with myself over the risk of setting accept_local to
1. Our operations staff would really like to be able to test connections
while ssh'd into the director, but the idea that Bad Guys could forge my
own IPs makes me uncomfortable. Does anyone have field experience with
this that they can share?
<csg>
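Added example, not part of the original message or of the LVS project: a small audit that shows how far `net.ipv4.conf.all.accept_local=1` reaches. It assumes the kernel's rule that the effective value on an interface is `conf.all` OR `conf.<iface>`, and uses hypothetical interface names (`eth0` facing clients, `eth1` facing the real servers) with a constructed sysctl listing.

```shell
#!/bin/sh
# Added example: report the effective accept_local value per interface.
# Assumption: effective value = conf.all OR conf.<iface>.

# Constructed sample in `sysctl -a` format; eth0/eth1 are hypothetical names.
SAMPLE='net.ipv4.conf.all.accept_local = 1
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.eth0.accept_local = 0
net.ipv4.conf.eth1.accept_local = 0
net.ipv4.conf.lo.accept_local = 0'

# audit_accept_local ALLOWED_IFACE...
# Reads sysctl lines on stdin and prints "<iface> <effective> <OK|REVIEW>".
# REVIEW means packets with a local source address are accepted on an
# interface that is not in the allowed list.
audit_accept_local() {
    awk -F'[ \t]*=[ \t]*' -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^net\.ipv4\.conf\.[^.]+\.accept_local[ \t]*=/ {
            split($1, k, ".")          # k[4] is the interface name
            iface = k[4]
            val = $2 + 0
            if (iface == "all") { all = val; next }
            if (iface == "default") next   # template for new interfaces only
            per[iface] = val
            order[++cnt] = iface
        }
        END {
            for (i = 1; i <= cnt; i++) {
                iface = order[i]
                eff = (all || per[iface]) ? 1 : 0
                status = (eff && !(iface in ok)) ? "REVIEW" : "OK"
                print iface, eff, status
            }
        }'
}

# Demo on the constructed sample; on a live director use:
#   sysctl -a 2>/dev/null | audit_accept_local eth1
printf '%s\n' "$SAMPLE" | audit_accept_local eth1
```

With `conf.all` set, every interface is reported as accepting local-source packets; setting only `net.ipv4.conf.eth1.accept_local=1` leaves the client-facing interface at 0.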