> -----Original Message-----
> From: lvs-users-boun...@linuxvirtualserver.org
> [mailto:lvs-users-boun...@linuxvirtualserver.org] On Behalf
> Of Lloyd Brown
> Sent: Tuesday, July 29, 2014 4:41 PM
> To: lvs-users@linuxvirtualserver.org
> Subject: Re: [lvs-users] TCP Connection Sync Problems RHEL
>
> Frank,
>
> Okay. So disabling SELinux didn't seem to have any effect.
> But adding iptables rules like these (from
> /etc/sysconfig/iptables), seemed to get the connection
> information syncing between directors:
>
> > #IPVS connection syncing for keepalived
> > -A INPUT -d 224.0.0.81/32 -s 192.168.25.9/32 -j ACCEPT
> > -A INPUT -d 224.0.0.81/32 -s 192.168.25.10/32 -j ACCEPT
>
> In this state the connections are still getting stuck in the
> ESTABLISHED state, instead of transitioning to FIN_WAIT. But
> when I flush the iptables entirely ("iptables -F" or "service
> iptables stop"), they seem to transition correctly.
>
> In general, I don't like the idea of leaving the iptables
> completely empty, so I guess I'll have to figure out what
> specific traffic is getting blocked, that is causing the
> connections to get stuck in ESTABLISHED. If anyone has any
> pointers on that one, I'd be glad to hear it.

Lloyd,

hmm, it's senselessly doubled, but please can you try out what happens if you
add on the 1st line:

# /sbin/iptables -I INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# /sbin/service iptables save

Do you have any OUTPUT rules in your iptables set?
After disabling SELinux, have you rebooted the system?

Hope that helps,

best regards
Frank

==============================
Frank Kirschner
IT Services
Celebrate Records GmbH
Am Birkenwaeldchen 2
09366 Stollberg
Germany
mail: fr...@celebrate.de
web: www.celebrate.de
fon: +49 37296 9201 60
fax: +49 37296 9201 75
CEO: Carsten Haupt
USt ID: DE 812 617 147
Registered at Country Court Chemnitz
HRB ID: 16308
------------------------------
PGP-Key is available at pgp.mit.edu
------------------------------
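
The quoted message leaves open which traffic the firewall is blocking. One way to find out, as an added example that is not part of either poster's message: log packets just before the ruleset's final drop, then group the log lines by source, destination, protocol, destination port and TCP flags. The LOG prefix, host name and sample log lines below are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a temporary rule such as
#   iptables -I INPUT <position> -j LOG --log-prefix "IPT-DROP: "
# placed just before the final REJECT/DROP rule; the prefix is hypothetical.

# Constructed kernel log lines. Addresses other than 192.168.25.10 and
# 224.0.0.81 are documentation-range placeholders, not the poster's hosts,
# and the lines do not show what was actually dropped on his directors.
sample_log() {
cat <<'EOF'
Jul 29 17:02:11 lb1 kernel: IPT-DROP: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.80 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=4711 DF PROTO=TCP SPT=51544 DPT=80 WINDOW=229 RES=0x00 ACK FIN URGP=0
Jul 29 17:02:12 lb1 kernel: IPT-DROP: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.80 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=4712 DF PROTO=TCP SPT=51545 DPT=80 WINDOW=229 RES=0x00 ACK FIN URGP=0
Jul 29 17:02:13 lb1 kernel: IPT-DROP: IN=eth0 OUT= MAC=01:00:5e:00:00:51:02:00:00:00:00:03:08:00 SRC=192.168.25.10 DST=224.0.0.81 LEN=96 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=40112 DPT=8848 LEN=76
Jul 29 17:02:14 lb1 kernel: eth0: link up
EOF
}

# Read kernel log lines on stdin; print "count src dst proto dport flags",
# most frequent first. Lines without the LOG prefix are ignored.
summarise_drops() {
    grep 'IPT-DROP: ' | awk '
    {
        src = dst = proto = dpt = "-"; flags = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src = substr($i, 5)
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            else if ($i ~ /^(SYN|ACK|FIN|RST|PSH|URG)$/)
                flags = flags (flags == "" ? "" : ",") $i
        }
        if (flags == "") flags = "-"
        count[src " " dst " " proto " " dpt " " flags]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a director, feed the real log instead:
#   summarise_drops < /var/log/messages
sample_log | summarise_drops
```

Remove the LOG rule once the blocked traffic has been identified, since it logs every packet that reaches it.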