Re: syncache testing

From: Barry Irwin (bvi@itouchlabs.com)
Date: 07/16/02


Date: Tue, 16 Jul 2002 05:15:13 +0200
From: Barry Irwin <bvi@itouchlabs.com>
To: zhang jack <jack_zhangcl@hotmail.com>


Yes, I make use of ipfw and the separate NAT daemon. However, I've given it some
more thought and I'm not sure if this would work as expected (would be very
nice if it does; looking forward to the outcomes of your testing).

The second method I suggested will work, as the packets are being processed
by the local host; however, you have an additional software component and
load on the gateway/firewall. This should work for beefing up the security of
your web servers if you then firewalled them from connecting to anywhere but
their local subnet, as all the Internet-facing communication is via the
reverse proxy.

Barry

On Tue 2002-07-16 (02:58), zhang jack wrote:
>
> Thanks for your reply.
> I have used Ipfilter, did you mean using port redirecting?
> rdr fxp0 210.96.1.1 port 80 -> 192.168.1.1 port 80
> Can it pass through syncache? I know Ipfilter hooks the packets
> at the IP level.
>
>
>
> >From: Barry Irwin <bvi@itouchlabs.com>
> >To: zhang jack <jack_zhangcl@hotmail.com>
> >CC: security@FreeBSD.ORG
> >Subject: Re: syncache testing
> >Date: Tue, 16 Jul 2002 04:42:12 +0200
> >
> >Hi
> >
> >I'm not overly familiar with the syncache code, but you _may_ be able to
> >make use of the syncache mitigation by having your server sitting behind the
> >BSD box, with traffic being natted. A solution that may work better is to
> >have a reverse proxy of sorts running on the BSD system which proxies
> >requests to your webservers.
> >
> >Barry
> >
> >
> >On Tue 2002-07-16 (02:24), zhang jack wrote:
> > >
> > > Hi,
> > > I am testing syncache on FreeBSD 4.6 stable, and it works fine,
> > > but I found it *only* protects against SYN flooding of itself. Can it act
> > > as a gateway (or firewall) to protect my www server?
> > > Can anyone help me?
> >
> >--
> >Barry Irwin bvi@itouchlabs.com +27214875177
> >Systems Administrator: Networks And Security
> >iTouch TAS http://www.itouchlabs.com South Africa
>

--
Barry Irwin		bvi@itouchlabs.com			+27214875177
Systems Administrator: Networks And Security
iTouch TAS 		http://www.itouchlabs.com		South Africa
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message