I am experiencing problems with an active-active gateway setup, where the gateway(s) also act as ipvs load balancers.

This problem seems to be caused by ipvs not doing connection tracking (connections handled by ipvs are not visible to conntrack-tools, at least). The following happens:

* gateway NATs (ipvs masquerade) the correct packets to realserver
* realserver gets packet
* reply packet gets dropped by --state INVALID -j DROP match (not tracked)
* I remove invalid drop, but gateways still drop reply packets
* seems this is caused by the following lines of code in xt_cluster.c:

    xt_cluster_mt(const struct sk_buff *skb, struct xt_action_param *par)
    [...]
            ct = nf_ct_get(skb, &ctinfo);
            if (ct == NULL)
                    return false;

            if (nf_ct_is_untracked(ct))
                    return false;

Is there any way to make this work without code modifications?

Best regards from Norway,
--
Bj(/)rnar