Hello,

We are NAT'ing an IP range to a set of internal Apache servers. Looking into the conntrack table, we are seeing a bunch of entries on port 80, which makes sense. One of the web server clusters is getting about 1m hits a day, which is starting to cause a significant jump in conntrack entries.

My question is: do we really need to track those? I would assume no. But when I add a NOTRACK rule to the raw table, Apache suddenly fails to serve the pages to external clients.

Here are the rules in question:

(on the raw table)
    -A PREROUTING -i eth0 -p tcp -m multiport --dports 80 -j NOTRACK

(on the filter table)
    -A FORWARD -d IP's -j filter_web
    -A filter_web -p tcp -m multiport -j ACCEPT --dports http,https

Am I doing something wrong?

Gary Wayne Smith