On Monday 21 of July 2008, you wrote:
> Vladislav Kurz a écrit :
> > On Monday 21 of July 2008, Dimitri GOURDON wrote:
> >> Hi all,
> >>
> >> I've setup LVS on a box using Keepalived (and Iptables) to load balance
> >> traffic between 2 web servers. I have a problem :
> >>
> >> A lot of TCP packets with FIN or RST flags (all I think) from clients
> >> are dropped by Iptables as state INVALID. The consequence is that I have
> >> a lot of connection in FIN_WAIT state (shown by netstat) on the 2 web
> >> servers...
> >
> > I have similar problem, and asked about it here. I was told to try newer
> > kernel (I run debian stable - 2.6.18). However I didn't upgrade yet, but
> > If you run the same kernel as I do and upgrade would help you I'd like to
> > here about that.
>
> I run 2.6.18-4-bigmem kernel. I've passed just a little to test a more
> recent but I stop because I've encountered problem with some iptables
> rules...
Temporary workaround is only to LOG invalid packets instead of DROP. The
system then becomes quite usable. Anyway try newer kernel if you can.
Or describe more in detail what problems with what rules did you have.
--
regards
Vladislav Kurz
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
