Date: Tue, 16 Jul 2002 14:28:52 +0000 (GMT)
From: "Nielsen" <nielsen@memberwebs.com>
To: "zhang jack" <jack_zhangcl@hotmail.com>, <bvi@itouchlabs.com>
Cc: <security@FreeBSD.ORG>
Subject: Re: syncache testing
Message-ID: <20020716142852.0475E43B39A@mail.npubs.com>
References: <F82K7Rz66lKjo0pzeSz00015b1f@hotmail.com>

It would seem that the syncache firewall would actually have to handle the TCP request. In other words you'd need a full-fledged proxy which then forwards the request to your real www servers.

Cheers
Nate

From: "zhang jack" <jack_zhangcl@hotmail.com>
> I have tested Ipfilter + syncache, it seems doesn't work.
>
>   client 192.168.1.1
>       |
>     __|_______  fxp0:192.168.1.2
>
>      Gateway
>
>     __________  fxp1:10.0.0.1
>       |
>       |
>   www server 10.0.0.2
>
> I make the rdr rule as:
> "rdr fxp0 192.168.1.2/32 port 80 -> 10.0.0.2 port 80"
> then I make syn flood to 192.168.1.2(on 192.168.1.1),
> the syncache seems no work:
> "net.inet.tcp.syncache.count: 0"
>
> Maybe I must use IPFW+Natd?
>
>
> Jack Zhang
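
Added example, not part of the original thread or of any project's code: a minimal sketch of the proxy arrangement Nate describes, in which the gateway accepts the TCP connection on its own listening socket (so its own TCP stack completes the handshake) and opens a second connection to the real server. The addresses are the ones in Jack's diagram; the function names `start_relay`, `_handle` and `_pipe` are hypothetical.

```python
# Added example: a TCP relay that terminates client connections on the gateway.
import socket
import threading

def _pipe(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _handle(client, backend_addr):
    """Open a second, separate TCP connection to the real server and relay."""
    try:
        backend = socket.create_connection(backend_addr)
    except OSError:
        client.close()
        return
    back = threading.Thread(target=_pipe, args=(backend, client), daemon=True)
    back.start()
    _pipe(client, backend)
    back.join()
    client.close()
    backend.close()

def start_relay(listen_addr, backend_addr, backlog=128):
    """Listen on listen_addr; handshakes complete in the local TCP stack."""
    srv = socket.create_server(listen_addr, backlog=backlog)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=_handle, args=(client, backend_addr), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":  # addresses taken from the diagram in the thread
    start_relay(("192.168.1.2", 80), ("10.0.0.2", 80))
    threading.Event().wait()  # keep the daemon threads alive
```

With a plain rdr rule the gateway only rewrites and forwards packets, so the handshake state lives on 10.0.0.2 rather than on the gateway.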