[lvs-users] Curl request from linux director to the virtual ip address times out

Carl S. Gutekunst csgv1145 at zycada.com
Thu Aug 16 20:09:20 BST 2018

On 08/16/2018 11:47 AM, Viktor Nonov wrote:
> Replacing the route enabled successfully sending and delivering  the SYN
> packet to one of the real servers, but the SYN-ACK packet that was received
> was considered by the kernel a martian packet since the source IP was $VIP
> (assigned to the director's local interface) and destination IP - the $DIP.
> This was solved by setting accept_local to 1:
> sysctl -w net.ipv4.conf.all.accept_local=1
> ....
> Not sure if setting accept_local to 1 will lead to other problems, but
> everything works okay for now.

I've been arguing with myself over the risk of setting accept_local to 
1. Our operations staff would really like to be able to test connections 
while ssh'd into the director, but the idea that Bad Guys could forge my 
own IPs makes me uncomfortable. Does anyone have field experience with 
this that they can share?


More information about the lvs-users mailing list