Well now for the facepalm moment. I updated our kernel for Scientific Linux for a security update and it seems to have solved this problem. I will endeavor to find what bug was fixed now.
failing kernel: kernel-2.6.32-504.30.3.el6.x86_64 working kernel: kernel-2.6.32-573.el6.x86_64 Julian, thank you so much for your help. It is really appreciated. Phillip Moore On Fri, Aug 28, 2015 at 3:16 PM, Phillip Moore <p...@pobox.com> wrote: > Thank you for the suggestion. > > We didn't have the netfilter module loaded at all so I don't think it > would have having any impact. However I loaded it and set this setting > and it didn't change the behavior. > The ip_conntrack_tcp_be_liberal setting wasn't available on our kernel > version looks like I can't find a module to load to enable that. > > We did find something interesting. If we add additional headers to the > working http request we can make it fail. > > WORKS: curl -H "X:1" http://10.64.96.10/healthcheck > FAILS: curl -H "X:12" http://10.64.96.10/healthcheck > > 190 bytes works, 191 bytes fails with the failure to tunnel problem. > > > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users