[CentOS] conntrack-tools and Session syncing
Dirk H. Schulz
dirk.schulz at kinzesberg.deSun Aug 10 12:36:46 UTC 2008
- Previous message: [CentOS] can't access irc server on xen domU, please help
- Next message: [CentOS] conntrack-tools and Session syncing
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi folks, I have 2 firewalls, setup with Centos 5.2. They are also routers, connected to 2 upstream routers. I have some cases where connections from servers to the internet leave my network via router2 and answers come back via router1. So I added conntrack tools to both routers/firewalls to synchronize the session tables (using ftfw procotol). That works as expected. If e.g. I ping from an inside server to somewhere outside, ICMP request leaves via router2, the answer comes back via router1. conntrack -e on router1 shows this session (as unreplied), BUT the firewall blocks it as new connection - that means iptables does not recognize conntrackd's addition to the session table. Seems that I have a conceptional misunderstanding here - but I do not find anything that could be wrong. Could somebody please help? I am stuck. Any hint or help is appreciated. Dirk
- Previous message: [CentOS] can't access irc server on xen domU, please help
- Next message: [CentOS] conntrack-tools and Session syncing
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list