From owner-freebsd-security  Mon Jul 15 19:58:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6A91E37B401
	for <security@FreeBSD.ORG>; Mon, 15 Jul 2002 19:58:14 -0700 (PDT)
Received: from hotmail.com (f212.law15.hotmail.com [64.4.23.212])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3134A43E67
	for <security@FreeBSD.ORG>; Mon, 15 Jul 2002 19:58:14 -0700 (PDT)
	(envelope-from jack_zhangcl@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 15 Jul 2002 19:58:14 -0700
Received: from 202.94.4.250 by lw15fd.law15.hotmail.msn.com with HTTP;
	Tue, 16 Jul 2002 02:58:13 GMT
X-Originating-IP: [202.94.4.250]
From: "zhang jack" <jack_zhangcl@hotmail.com>
To: bvi@itouchlabs.com
Cc: security@FreeBSD.ORG
Subject: Re: syncache testing
Date: Tue, 16 Jul 2002 02:58:13 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=gb2312; format=flowed
Message-ID: <F212ebm4M2S0gUFDKPG00005e2f@hotmail.com>
X-OriginalArrivalTime: 16 Jul 2002 02:58:14.0114 (UTC) FILETIME=[A08BCC20:01C22C74]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Thanks for your reply.
I have used Ipfilter,did you mean using port redirecting?
rdr fxp0 210.96.1.1 port 80 -> 192.168.1.1 port 80
can it pass though syncache? I know Ipfilter hook the packets
in the IP level.



>From: Barry Irwin <bvi@itouchlabs.com>
>To: zhang jack <jack_zhangcl@hotmail.com>
>CC: security@FreeBSD.ORG
>Subject: Re: syncache testing
>Date: Tue, 16 Jul 2002 04:42:12 +0200
>
>Hi
>
>I'm not overly familiar with the syncache code, but you _may_ be able to
>make use of the syncache mitigation by having your server sitting behind 
the
>BSD box, with traffic being natted.  A solution that may work better is to
>have a reverse proxy of sorts running on the BSD system which proxies
>requests to your webservers.
>
>Barry
>
>
>On Tue 2002-07-16 (02:24), zhang jack wrote:
> >
> > Hi,
> >   I am testing syncache on FreeBSD 4.6 stable,and it works fine,
> > but I found it *only* protect syn flooding of itself,can it act
> > as a gateway( or firewall ) to protect my www server?
> >   can anyone help me?
>
>--
>Barry Irwin		bvi@itouchlabs.com			+27214875177
>Systems Administrator: Networks And Security
>iTouch TAS 		http://www.itouchlabs.com		South Africa




_________________________________________________________________
享用世界上最大的电子邮件系统— MSN Hotmail。http://www.hotmail.com/cn


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message