LinuxQuestions.org

Linux - Networking: NOTRACK for outgoing connections (http://www.linuxquestions.org/questions/linux-networking-3/notrack-for-outgoing-connections-927613/)

mustoofa 02-04-2012 03:32 PM

NOTRACK for outgoing connections
 
Hello - my first post :)
Basically, I'm getting ip_conntrack full messages on my squid servers during peak, heavy-usage hours. This phenomenon started a few months ago, and I believe we are targeted by malware/adware stuff coming from our internal networks (which consist of 4-5 hundred thousand users).

Each squid is configured for 131072 conntrack entries (double the standard) and some squids are configured for 458475 (7 times) conntrack entries.

We have disabled connection tracking for the squid and DNS ports. However, our squids make an outgoing connection to a webfilter array on a port (say 3456).
I have managed to configure iptables on the squids to NOTRACK incoming connections, but I am not sure how to do it for outgoing connections on port 3456 to the webfilter array.

I believe it will be in the OUTPUT chain in the raw table, but I am not sure if it has to be sport or dport.
If someone could write me the iptables rule, I would be very grateful.

Regards
Mustoofa

devilboy09 02-06-2012 03:43 PM

iptables -A OUTPUT -o eth0 -p tcp --dport 3456 -j DROP

unSpawn 02-06-2012 05:54 PM

Quote:

Originally Posted by devilboy09 (Post 4595344)
iptables -A OUTPUT -o eth0 -p tcp --dport 3456 -j DROP

This defaults to the "filter" table so should have explicit "-t raw".

mustoofa 02-07-2012 07:16 AM

Quote:

Originally Posted by unSpawn (Post 4595421)
This defaults to the "filter" table so should have explicit "-t raw".

Thanks guys,
I believe it must be?
iptables -t raw -A OUTPUT -o eth0 -p tcp --dport 3456 -j NOTRACK
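Putting the thread's answer together as an added example (this is not code from any poster): a small POSIX sh script that prints or applies the raw-table NOTRACK rules for the squid-to-webfilter connection and reports how full the conntrack table is. It goes one step beyond the single rule above: the outgoing packets match on the destination port in raw OUTPUT, but the replies from the webfilter come back with that port as the source port through raw PREROUTING, and without a second rule those replies still create conntrack entries. Because untracked packets carry no NEW/ESTABLISHED state, the script also emits the explicit accept rules a stateful filter table needs (`--ctstate UNTRACKED`), otherwise the traffic is treated as INVALID. The interface eth0 and port 3456 are the placeholders from the thread; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Emits or applies raw-table NOTRACK rules
# for the squid -> webfilter connection in BOTH directions, plus a conntrack
# usage check. Interface and port are placeholders taken from the thread.

# Print the rule set for a given interface and TCP port, one rule per line,
# so it can be reviewed before anything is applied.
build_notrack_rules() {
    iface="$1"; port="$2"
    # Outgoing leg: locally generated packets traverse raw OUTPUT, and for a
    # connection the squid opens, the webfilter port is the DESTINATION port.
    echo "iptables -t raw -A OUTPUT -o $iface -p tcp --dport $port -j NOTRACK"
    # Return leg: replies arrive in raw PREROUTING with the webfilter port as
    # SOURCE port. Without this rule the replies would still be tracked (and,
    # with tcp_loose enabled, could be picked up as a mid-stream connection).
    echo "iptables -t raw -A PREROUTING -i $iface -p tcp --sport $port -j NOTRACK"
    # Untracked packets have no NEW/ESTABLISHED state, so a stateful filter
    # table must accept them explicitly or it will see them as INVALID.
    echo "iptables -A OUTPUT -o $iface -p tcp --dport $port -m conntrack --ctstate UNTRACKED -j ACCEPT"
    echo "iptables -A INPUT -i $iface -p tcp --sport $port -m conntrack --ctstate UNTRACKED -j ACCEPT"
}

# Percentage of the conntrack table in use, given the current count and the
# configured maximum. Returns non-zero for a zero (unusable) maximum.
conntrack_usage_pct() {
    count="$1"; max="$2"
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Read the live counters from /proc; newer kernels expose nf_conntrack_*,
# older ones ip_conntrack_* (the name used in the messages from the thread).
live_conntrack_usage() {
    for base in /proc/sys/net/netfilter/nf_conntrack /proc/sys/net/ipv4/netfilter/ip_conntrack; do
        if [ -r "${base}_count" ] && [ -r "${base}_max" ]; then
            conntrack_usage_pct "$(cat "${base}_count")" "$(cat "${base}_max")"
            return 0
        fi
    done
    echo "conntrack counters not readable (module not loaded?)" >&2
    return 1
}

# Usage: sh notrack.sh show eth0 3456   (print the rules)
#        sh notrack.sh apply eth0 3456  (run them, as root)
#        sh notrack.sh usage            (print table usage in percent)
case "${1:-}" in
    show)  build_notrack_rules "$2" "$3" ;;
    apply) build_notrack_rules "$2" "$3" | while IFS= read -r rule; do sh -c "$rule"; done ;;
    usage) live_conntrack_usage ;;
esac
```

Two things worth checking after applying: `iptables -t raw -L -v` should show the counters on both NOTRACK rules climbing, and the `usage` figure should stop growing during the peak hours that produced the "table full" messages. Note also that untracked traffic cannot be NATed, which is fine for a direct squid-to-webfilter link but rules this approach out for anything that relies on a MASQUERADE or DNAT rule.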

