On Thu, Sep 18, 2008 at 12:53 AM, Joseph Mack NA3T <jmack@xxxxxxxx> wrote: > On Tue, 16 Sep 2008, Julius Volz wrote: > >> Amazingly, the first SYN and the SYN/ACK of a TCP connection to the >> VIP:vport do not traverse the NAT chain in POSTROUTING at all > > :-( > >> (verified by LOG target), > > you didn't see the packets in the logs? Exactly. No matter what I do, only the ACK in response to the SYN/ACK appears in the logs. With SNAT without IPVS, the SYN packet correctly enters the chain/table. I haven't found anything in the IPVS or Netfilter code yet that could cause this problem... Julius -- Julius Volz - Corporate Operations - SysOps Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1 -- To unsubscribe from this list: send the line "unsubscribe lvs-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
