On Tuesday 2008-09-23 09:13, Julius Volz wrote: > >Ok, the SYN/ACK from the backend is logged as --cstate INVALID in >PREROUTING and INPUT. This means that Netfilter thinks it doesn't >belong to any connection, although it just SNATed the SYN to the >backend correctly? Hmm... how can this be? That probably means skb->nfct is lost (set to NULL, which is what INVALID indicates) after SNAT (PREROUTING), when IPVS kicks in. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
