On Monday 2010-07-26 12:35, Pablo Neira Ayuso wrote: > On 25/07/10 18:34, Jan Engelhardt wrote: >> On Wednesday 2010-07-14 00:18, Edison Figueira wrote: >> >>> I configured CLUSTERIP in two boxes to make balancing proxy, and >>> apparently it all worked but I get several messages from "CLUSTERIP: >>> no conntrack. >>> >>> Does anyone know what this message means? >> >> Means packets are tagged as INVALID. > > Indeed. You have to add a rule to drop invalid packets before the CLUSTERIP > rule to avoid this message. Hm, couldn't we just drop the message? There are many other components in Netfilter that silently bail out when nf_ct_get returns NULL, like xt_connlimit. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
