Date:      Wed, 18 Jul 2007 17:27:26 +0700 (ICT)
From:      Olivier Nicole <on@cs.ait.ac.th>
To:        jjfitzgerald@gmail.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipnat + mysql replication
Message-ID:  <200707181027.l6IARQhO066655@banyan.cs.ait.ac.th>
In-Reply-To: <5e49673f0707180240g77c0bcyd98b39c2042a7e2@mail.gmail.com> (jjfitzgerald@gmail.com)
References:  <5e49673f0707180240g77c0bcyd98b39c2042a7e2@mail.gmail.com>

> I have 4 FreeBSD servers in one location. A firewall/nat load balances
> between two web servers which hits a database server for content (also
> behind firewall/nat). The database server replicates from a remote
> location (outgoing connection), where the admin interface resides
> (different facility). The problem I'm having is that it's a fairly
> well-trafficked site. The ipnat entries table fills up quickly (30,000
> I think is the max), and so I have to ipnat -F fairly often (every 5
> minutes or so). The problem with this is that it kills any outgoing
> connections (like my mysql replication). Is there a way I can set the
> expiration for ipnat table entries, or set up mysql replication rules
> in ipnat.conf that will be ignored when ipnat -F is issued?

rdr has an age option to define a different time out, the redirection
for load balancing could have a very short time out, causing your
ipnat entries to expire quickly.

Just a guess, I never used it, but I have seen it in the manual.

Another, heavier solution, but maybe more robust, would be to have
dual NICs in your mysql server and add a second firewall/nat,
with the mysql replication going through the second NIC and firewall.

Bests,

Olivier