Hi, Tim Cronin wrote: > yup, I've checked the packet exchange for a single page request. > > the problem is that since lvs is handling the NAT for http > iptables doesn't look like it's tracking state. Yes, you're right and I was wrong redirecting you to the netfilter mailinglist. We will solve it on the LVS mailinglist and if there are problems with netfilter we will come back, ok? > if I let iptables handle nat to the web server the line below > works. Yes, it is clearly the NF_STOLEN interaction of LVS in the NAT part of the code. Sorry for the confusion I created, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
