>Yes, you're right and I was wrong redirecting you to the netfilter mailinglist. >We will solve it on the LVS mailinglist and if there are problems with netfilter >we will come back, ok? Hey no problem, I must say that this is the most cordial and helpful mailing list I've been on. Thanks to everyone for your help. LVS has all ready saved me much time and money. >Yes, it is clearly the NF_STOLEN interaction of LVS in the NAT part of the code. this sounds like I might have opened a can of worms. :^D should/can lvs and iptables both track state, what would be the impact of that? -----Original Message----- From: Roberto Nibali [mailto:ratz@tac.ch] Sent: Friday, October 04, 2002 4:18 AM To: Tim Cronin Cc: 'Walther@gehag-dsk.de'; netfilter@lists.netfilter.org Subject: Re: iptables and linuxVirtualServer Hi, Tim Cronin wrote: > yup, I've checked the packet exchange for a single page request. > > the problem is that since lvs is handling the NAT for http > iptables doesn't look like it's tracking state. Yes, you're right and I was wrong redirecting you to the netfilter mailinglist. We will solve it on the LVS mailinglist and if there are problems with netfilter we will come back, ok? > if I let iptables handle nat to the web server the line below > works. Yes, it is clearly the NF_STOLEN interaction of LVS in the NAT part of the code. Sorry for the confusion I created, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
