Thank you for the suggestion. We didn't have the netfilter module loaded at all, so I don't think it would be having any impact. However, I loaded it and set this setting and it didn't change the behavior. The ip_conntrack_tcp_be_liberal setting wasn't available on our kernel version; it looks like I can't find a module to load to enable that.
We did find something interesting. If we add additional headers to the working HTTP request, we can make it fail.

WORKS: curl -H "X:1" http://10.64.96.10/healthcheck
FAILS: curl -H "X:12" http://10.64.96.10/healthcheck

190 bytes works, 191 bytes fails with the failure to tunnel problem.

Phillip Moore

On Fri, Aug 28, 2015 at 2:42 PM, Julian Anastasov <j...@ssi.bg> wrote:
>
> Can you test with enabled nf_conntrack_tcp_be_liberal
> or ip_conntrack_tcp_be_liberal sysctl value in director?
> Maybe packets are dropped by conntrack because packets
> from reply direction are not seen.