From: "John Fitzgerald"
To: freebsd-questions@freebsd.org
Date: Wed, 18 Jul 2007 05:40:30 -0400
Subject: ipnat + mysql replication

Hi,

I have 4 FreeBSD servers in one location. A firewall/nat load balances between two web servers which hit a database server for content (also behind firewall/nat). The database server replicates from a remote location (outgoing connection), where the admin interface resides (different facility).

The problem I'm having is that it's a fairly well-trafficked site. The ipnat entries table fills up quickly (30,000 I think is the max), and so I have to ipnat -F fairly often (every 5 minutes or so). The problem with this is that it kills any outgoing connections (like my mysql replication).

Is there a way I can set the expiration for ipnat table entries, or set up mysql replication rules in ipnat.conf that will be ignored when ipnat -F is issued?

Thanks,
JJ