> Could you try latest conntrack-tools 0.9.10? I released them yesterday
> along with accumulated updates/fixes. Thanks!

I am experiencing some difficulties right now compiling version 0.9.10 on lenny. I will keep you in touch with the test results.

Regards,

Pablo Neira Ayuso wrote:
> Hi again Yoann,
>
> Yoann Juet wrote:
>> Hi Pablo!
>>
>>> that were fixed in the subsequent kernel releases, but I did not know
>>> any that affected the internal TCP flags set/unset. As this stuff is
>>> under development, I suggest you use the latest Linux kernel,
>>> please let me know if the problem persists.
>> I still have the same symptoms with a 2.6.28-2 kernel. My testbed is not
>> so far away from yours:
>>
>> You                   Me
>> ----------------------------------
>> Etch              <-> Lenny
>> 2.6.28            <-> 2.6.28-2
>> conntrack 0.9.9?  <-> conntrack 0.9.9
>> ftfw mode         <-> ftfw mode
>> keepalived 1.1.15 <-> heartbeat 2.1.3
>> no virtualization <-> KVM with net virtio
>
> Indeed, very similar.
>
>> In your opinion, could it be the side effect of KVM? Unfortunately, I
>> cannot do without KVM, and cannot test easily without...
>
> I'm not familiar with KVM, but before pointing to it as the problem
> (since I think that it is transparent to conntrackd). Could you try
> latest conntrack-tools 0.9.10? I released them yesterday along with
> accumulated updates/fixes. Thanks!
>