> I have 4 FreeBSD servers in one location. A firewall/nat load balances
> between two web servers which hits a database server for content (also
> behind firewall/nat). The database server replicates from a remote
> location (outgoing connection), where the admin interface resides
> (different facility). The problem I'm having is that it's a fairly
> well-trafficked site. The ipnat entries table fills up quickly (30,000
> I think is the max), and so I have to ipnat -F fairly often (every 5
> minutes or so). The problem with this is that it kills any outgoing
> connections (like my mysql replication). Is there a way I can set the
> expiration for ipnat table entries, or set up mysql replication rules
> in ipnat.conf that will be ignored when ipnat -F is issued?

rdr has an age option to define a different timeout; the redirection for load balancing could have a very short timeout, causing your ipnat entries to expire quickly. Just a guess, I never used it, but I have seen it in the manual.

Another, heavier solution, but maybe more robust, would be to have dual NICs in your mysql server and add a second firewall/nat, with the mysql replication going through the second NIC and firewall.

Bests,
Olivier