> Have you disabled window scaling on your Postfix server. Lost connections > are often the result of firewalls mangling "advanced" TCP features. > > - Disable window scaling > - Disable ECN >
I don't believe we have disabled any of the advanced features. That will give me something to do this weekend. I was thinking that maybe Weitse was right and that it's a conntrack issue, but changing ipvsadm to persistent has reduced the number of lost data commands. What I'm thinking is there is some tweaks I need to make to the timeout of connections being NAT'ed back through ipvsadm. For some reason I was thinking that iptables connection tracking and ipvsadm NAT tracking were interrelated and the more I look, this is not the case. So it could be similar to what Weitse thought, just from a different angle. While I'm in there I'll look at making sure all of the other settings are sane for the firewall boxes. Gary-
