mustoofa 02-04-2012 02:32 PM

NOTRACK for outgoing connections
Hello - my first post :)
Basically, I'm getting ip_conntrack full messages on my squid servers during peak, heavy usage hours. This phenomenon started a few months ago and I believe we are targeted by malware/adware stuff coming from our internal networks (which consist of 4-5 hundred thousand users).

Each squid is configured for 131072 conntrack entries (double the standard) and some squids are configured for 458475 (7 times) conntrack entries.

We have disabled connection tracking for the squid and dns ports. However, our squids make an outgoing connection to a webfilter array on a port (say 3456).
I have managed to configure iptables on the squids for NOTRACK'ing incoming connections, but I am not sure on how to do it for outgoing connections on port 3456 to the webfilter array.

I believe it will be in the OUTPUT chain in the raw table, but I am not sure if it has to be sport or dport.
If someone could write me the iptables rule, I would be very grateful.


devilboy09 02-06-2012 02:43 PM

iptables -A OUTPUT -o eth0 -p tcp --dport 3456 -j DROP

unSpawn 02-06-2012 04:54 PM


Originally Posted by devilboy09
iptables -A OUTPUT -o eth0 -p tcp --dport 3456 -j DROP

This defaults to the "filter" table so should have explicit "-t raw".

mustoofa 02-07-2012 06:16 AM


Originally Posted by unSpawn
This defaults to the "filter" table so should have explicit "-t raw".

Thanks Guys,
I believe it must be this?
iptables -t raw -A OUTPUT -o eth0 -p tcp --dport 3456 -j NOTRACK
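The following is an added example, not code from anyone in this thread, written up as a reviewable script; it assumes a placeholder webfilter network of 10.0.0.0/24 on TCP 3456. It adds the two things the one-liners above leave out: `-p tcp` (without which `--dport` is rejected) and a matching PREROUTING rule for the reply packets, which would otherwise still create conntrack entries.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed placeholder values: the
# webfilter array is in 10.0.0.0/24 and listens on TCP port 3456.
WEBFILTER_NET="${WEBFILTER_NET:-10.0.0.0/24}"
WEBFILTER_PORT="${WEBFILTER_PORT:-3456}"

# Print the rules instead of running them, so they can be reviewed without root.
notrack_outgoing_rules() {
    proto="$1" dst="$2" port="$3"
    # raw/OUTPUT: locally generated packets squid -> webfilter:port
    echo "iptables -t raw -A OUTPUT -p $proto -d $dst --dport $port -j NOTRACK"
    # raw/PREROUTING: the replies webfilter:port -> squid. Without this rule
    # the return traffic is still tracked and fills the table anyway.
    echo "iptables -t raw -A PREROUTING -p $proto -s $dst --sport $port -j NOTRACK"
    # Untracked packets never match --state ESTABLISHED, so the filter table
    # has to accept them by address and port ahead of any state-based rules.
    echo "iptables -I OUTPUT -p $proto -d $dst --dport $port -j ACCEPT"
    echo "iptables -I INPUT -p $proto -s $dst --sport $port -j ACCEPT"
}

# Percentage of the conntrack table in use, read from nf_conntrack_count and
# nf_conntrack_max in the given sysctl directory (default: the live kernel).
conntrack_usage_pct() {
    dir="${1:-/proc/sys/net/netfilter}"
    count=$(cat "$dir/nf_conntrack_count") max=$(cat "$dir/nf_conntrack_max")
    echo $(( count * 100 / max ))
}

# Apply the rules (needs root); "--dry-run" only prints them.
apply_notrack() {
    notrack_outgoing_rules tcp "$WEBFILTER_NET" "$WEBFILTER_PORT" | while read -r cmd; do
        if [ "$1" = "--dry-run" ]; then echo "$cmd"; else sh -c "$cmd"; fi
    done
}

case "${1:-}" in
    --apply)   apply_notrack ;;
    --dry-run) apply_notrack --dry-run ;;
    --usage)   echo "conntrack table $(conntrack_usage_pct)% full" ;;
esac
```

After applying, `conntrack -L | grep 3456` should list no entries for the webfilter flows, and `--usage` shows whether the table is still near the 131072 or 458475 limit mentioned above.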

