NOTRACK action question
Gary W. Smith
gary at primeexalia.com
Wed Aug 24 20:23:02 CEST 2005
We are NAT'ing an IP range to a set of internal Apache servers. Looking
into the conntrack table we are seeing a bunch of entries on port 80,
which make sense. One of the web server clusters is getting about 1m
hits a day which is starting to cause a significant jump in conntrack
entries. My question is: do we really need to track those?
I would assume no. But when I add a NOTRACK rule to the raw table
Apache suddenly fails to serve the pages to external clients.
Here are the rules in question:
(on the raw table)
-A PREROUTING -i eth0 -p tcp -m multiport --dports 80 -j NOTRACK
(on the filter table)
-A FORWARD -d IP's -j filter_web
-A filter_web -p tcp -m multiport -j ACCEPT --dports http,https
Am I doing something wrong?
Gary Wayne Smith
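Added note and example (not part of the original post): NAT in netfilter is implemented on top of connection tracking, so a packet that hits a NOTRACK rule in the raw table is never run through the nat table; the DNAT for port 80 is not applied, the reply is not reverse-translated, and external clients stop getting pages. The script below is an added, hypothetical check (not from the netfilter project) that scans an iptables-save dump for TCP ports that are both NOTRACKed in the raw table and DNATed in the nat table; the ruleset and the 192.0.2.10 address are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed iptables-save dump mirroring the post: NOTRACK on :80 in raw,
# DNAT for the same port in nat. Untracked packets skip the nat table, so the
# DNAT to the Apache cluster never happens for port 80.
RULESET='*raw
-A PREROUTING -i eth0 -p tcp -m multiport --dports 80 -j NOTRACK
COMMIT
*nat
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.0.2.10
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
-A FORWARD -p tcp -m multiport --dports http,https -j ACCEPT
COMMIT'

# Read an iptables-save dump on stdin and print, one per line, every port that
# is NOTRACKed in the raw table and DNATed in the nat table. Ports are compared
# literally: "80" and "http" are not treated as the same port.
notrack_nat_conflicts() {
    awk '
    /^\*/ { table = substr($0, 2); next }          # "*raw", "*nat", ...
    {
        ports = ""
        for (i = 1; i <= NF; i++)                    # --dport 80 / --dports 80,443
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if (ports == "") next
        n = split(ports, p, ",")
        for (k = 1; k <= n; k++) {
            if (table == "raw" && $0 ~ /-j NOTRACK/) notrack[p[k]] = 1
            if (table == "nat" && $0 ~ /-j DNAT/)    dnat[p[k]] = 1
        }
    }
    END { for (port in notrack) if (port in dnat) print port }' | sort
}

conflicts=$(printf '%s\n' "$RULESET" | notrack_nat_conflicts)
if [ -n "$conflicts" ]; then
    echo "NOTRACK bypasses conntrack, so DNAT cannot be applied on port(s): $conflicts"
fi
```

Run it against `iptables-save` output on the NAT box; any port it reports is one whose forwarded traffic will silently stop being translated.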