Old 02-04-2012, 02:32 PM   #1
mustoofa
LQ Newbie
 
Registered: Oct 2011
Distribution: CentOS, RHEL, Ubuntu
Posts: 5

Rep: Reputation: Disabled
NOTRACK for outgoing connections


Hello - my first post.
Basically, I'm getting ip_conntrack full messages on my squid servers during peak, heavy-usage hours. This phenomenon started a few months ago and I believe we are targeted by malware/adware stuff coming from our internal networks (which consist of 4-5 hundred thousand users).

Each squid is configured for 131072 conntrack entries (double the standard), and some squids are configured for 458475 (7 times) conntrack entries.

We have disabled connection tracking for the squid and DNS ports. However, our squids make an outgoing connection to a webfilter array on a port (say 3456).
I have managed to configure iptables on the squids for NOTRACK'ing incoming connections, but I am not sure how to do it for outgoing connections on port 3456 to the webfilter array.

I believe it will be in the OUTPUT chain in the raw table, but I am not sure if it has to be sport or dport.
If someone could write me the iptables rule, I would be very grateful.

Regards
Mustoofa
 
Old 02-06-2012, 02:43 PM   #2
devilboy09
Member
 
Registered: Nov 2011
Location: Iran
Distribution: Debian, CentOS, LFS
Posts: 351

Rep: Reputation: 7
iptables -A OUTPUT -o eth0 --dport 3456 -j DROP
 
Old 02-06-2012, 04:54 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,991
Blog Entries: 54

Rep: Reputation: 2744
Quote:
Originally Posted by devilboy09
iptables -A OUTPUT -o eth0 --dport 3456 -j DROP
This defaults to the "filter" table so should have explicit "-t raw".
 
Old 02-07-2012, 06:16 AM   #4
mustoofa
LQ Newbie
 
Registered: Oct 2011
Distribution: CentOS, RHEL, Ubuntu
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
This defaults to the "filter" table so should have explicit "-t raw".
Thanks guys,
I believe it must be:
iptables -t raw -A OUTPUT -o eth0 -p tcp --dport 3456 -j NOTRACK
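The thread leaves the sport/dport question only half answered: the rule above covers the packets the proxy sends, but the replies coming back from the webfilter are still tracked unless a matching PREROUTING rule is added. The following shell script is an added example written for this page, not code from any of the posters. It assumes the webfilter is reached over TCP via eth0, that port 3456 is the placeholder port used in the thread, and that `iptables` is the firewall tool in use; with DRY_RUN=1 (the default) it only prints the rules so it can be reviewed before applying.

```shell
#!/bin/sh
# Added example (not from the thread): raw-table NOTRACK rules for the
# squid -> webfilter connection, plus a conntrack-table usage check.
# Assumptions: webfilter reached over TCP via eth0; port 3456 is the
# hypothetical port from the thread; IPT is the iptables binary.
IPT=${IPT:-iptables}

# notrack_rules PORT [IFACE]: print the rule commands for one outgoing
# service. Both directions are needed, because conntrack sees each reply
# packet in PREROUTING and would otherwise create an entry for it.
notrack_rules() {
    port=$1
    iface=${2:-eth0}
    # Outgoing packets from the proxy: raw OUTPUT, match the *destination* port.
    echo "$IPT -t raw -A OUTPUT -o $iface -p tcp --dport $port -j NOTRACK"
    # Replies from the webfilter: raw PREROUTING, match the *source* port.
    echo "$IPT -t raw -A PREROUTING -i $iface -p tcp --sport $port -j NOTRACK"
    # Untracked packets never match ESTABLISHED/RELATED state rules, so a
    # stateful filter table needs explicit ACCEPTs for this flow. Adjust
    # to the local policy if the filter chains do not rely on -m state.
    echo "$IPT -A OUTPUT -o $iface -p tcp --dport $port -j ACCEPT"
    echo "$IPT -A INPUT -i $iface -p tcp --sport $port -j ACCEPT"
}

# apply_rules PORT [IFACE]: print the rules (DRY_RUN=1) or run them.
apply_rules() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        notrack_rules "$@"
    else
        notrack_rules "$@" | sh -e
    fi
}

# conntrack_usage: print "count/max" for the conntrack table, using the
# newer nf_conntrack sysctl names first and the older ip_conntrack ones
# as a fallback, or "n/a" when neither is readable (e.g. not on Linux).
# Watching count approach max is the early warning before the
# "ip_conntrack: table full" messages appear.
conntrack_usage() {
    for d in /proc/sys/net/netfilter/nf_conntrack \
             /proc/sys/net/ipv4/netfilter/ip_conntrack; do
        if [ -r "${d}_count" ] && [ -r "${d}_max" ]; then
            echo "$(cat "${d}_count")/$(cat "${d}_max")"
            return 0
        fi
    done
    echo "n/a"
}

# Usage: review the generated rules, then run with DRY_RUN=0 to apply.
apply_rules 3456 eth0
echo "conntrack usage: $(conntrack_usage)"
```

After applying, `iptables -t raw -L -n -v` shows packet counters on both NOTRACK rules if traffic in each direction is being exempted; a counter that stays at zero on the PREROUTING rule means the replies are still being tracked and will keep filling the table.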
 