On Thursday 30 August 2012 14:28:20 Oliver wrote:
> Yep, I'd be happy to test. I've also uncovered a new issue: I have two
> Active-Active machines (conntrackd running NOTRACK mode with both External
> and Internal cache disabled)
>
> In kernel 3.2 this pair works asymmetric and issue-free. Upgrade it to 3.4
> and it immediately has around 50% failure of TCP connection attempts on
> systems behind them - ICMP on the other hand is flawless, DNS lookups also
> are OK so I *believe* that UDP may also be performing well - I've no idea
> where to even look on this one so any insight would be most appreciated.
>
> Kind Regards,
> Oliver

Another thing that just entered my mind: I configured raw/PREROUTING to -j CT --notrack TCP port 80 (source and dest) on the appropriate interfaces and this resulted in total loss despite the fact that I had --ctstate UNTRACKED set to ACCEPT - and again, this behaviour only occurs under 3.4.[9|10] (probably earlier too but I didn't test)