From: Olivier Nicole <on@cs.ait.ac.th>
Date: Wed, 18 Jul 2007 17:27:26 +0700 (ICT)
To: jjfitzgerald@gmail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: ipnat + mysql replication
Message-Id: <200707181027.l6IARQhO066655@banyan.cs.ait.ac.th>
In-reply-to: <5e49673f0707180240g77c0bcyd98b39c2042a7e2@mail.gmail.com>

> I have 4 FreeBSD servers in one location. A firewall/nat load balances
> between two web servers which hit a database server for content (also
> behind firewall/nat). The database server replicates from a remote
> location (outgoing connection), where the admin interface resides
> (different facility).
>
> The problem I'm having is that it's a fairly well-trafficked site. The
> ipnat entries table fills up quickly (30,000 I think is the max), and so
> I have to ipnat -F fairly often (every 5 minutes or so). The problem
> with this is that it kills any outgoing connections (like my mysql
> replication). Is there a way I can set the expiration for ipnat table
> entries, or set up mysql replication rules in ipnat.conf that will be
> ignored when ipnat -F is issued?

rdr has an age option to define a different time out; the redirection for load balancing could have a very short time out, causing your ipnat entries to expire quickly. Just a guess, I never used it, but I have seen it in the manual.

Another, heavier solution, but maybe more robust, would be to have dual NICs in your mysql server and add a second firewall/nat. The mysql replication would go through the second NIC and firewall.

Bests,

Olivier
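To make the first suggestion concrete, here is an added ipnat.conf fragment. It is not from the thread or from the ipfilter project's documentation; the interface name, the addresses (TEST-NET-3 and RFC 1918 ranges) and the timeout value are assumptions, and the keywords follow the rdr/map syntax described in ipnat.conf(5). The point is that the short `age` is applied only to the load-balancing rdr rule, so web sessions expire quickly while the outbound map rule that carries the mysql replication keeps the default timeout and never needs an `ipnat -F`.

```conf
# Added illustrative ipnat.conf fragment (not from the original mail).
# em0, 203.0.113.10 and 10.0.0.0/24 are assumed values; adjust to your setup.

# Before: round-robin redirection to the two web servers with the default
# session timeout. Every client connection keeps its NAT table slot until
# the default TCP timeout runs out, so a busy site fills the table.
#rdr em0 203.0.113.10/32 port 80 -> 10.0.0.2,10.0.0.3 port 80 tcp round-robin

# After: the same rule with an "age" (seconds, per ipnat.conf(5); 30 is an
# illustrative value). Finished web sessions leave the table within that
# time instead of being cleared by flushing everything with ipnat -F.
rdr em0 203.0.113.10/32 port 80 -> 10.0.0.2,10.0.0.3 port 80 tcp round-robin age 30

# Outbound NAT for the internal hosts, which also carries the database
# server's replication session to the remote master. No age option here,
# so the long-lived replication connection keeps the default timeout.
map em0 10.0.0.0/24 -> 203.0.113.10/32 portmap tcp/udp auto
map em0 10.0.0.0/24 -> 203.0.113.10/32
```

After loading the rules (for example with `ipnat -CF -f /etc/ipnat.conf`, which itself flushes the table once), `ipnat -l` lists the active sessions so you can confirm that the web entries age out while the replication entry stays. Note that the `age` value applies to every session created by that rdr rule, so set it longer than the slowest legitimate HTTP response you expect.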