Hi there..

I have an LVS setup with two directors direct routing to 4 real servers. I have been trying to use the 'connlimit' patch from Netfilter patch-o-matic on the director to restrict the number of concurrent connections coming into the VIP.

I have not been able to get it working with the PREROUTING or FORWARD tables, and was wondering if it is due to LVS that connlimit cannot seem to track connections? I have tried this on kernel 2.4.27/ipvs1.0.11 and kernel 2.6.7/ipvs1.2 using the patch-o-matic from CVS at www.netfilter.org.

I can see that connections directed at the director IP are being detected with connlimit, but connections passing through the VIP to the real servers are not.

    iptables -t nat -I PREROUTING -p tcp --syn --dport 25 -m connlimit --connlimit-above 2 --connlimit-mask 24 -j LOG --log-level info --log-prefix " 2+ SMTP connections "

Any ideas how this can be made to work on the directors?

Kind regards,
Stuart.