[Firehol-support] Firewall on DMZ

Tsaousis, Costa costa at tsaousis.gr
Thu Apr 30 17:18:15 CEST 2015


SYN FLOOD

This is your problem.
You have a protection statement which limits the number of requests per second.

Costa


On Thu, Apr 30, 2015 at 6:11 PM, Tony Peña <emperor.cu at gmail.com> wrote:
> the log is on the webserver... which is a Linux CentOS 6.3
>
> 2015-04-30 17:10 GMT+02:00 Tony Peña <emperor.cu at gmail.com>:
>>
>> Hi...
>>
>> thanks for replying fast...
>>
>> the SRC is any from the internet ... the router does SNAT (as transparent) and
>> sends me the HTTP request to my unique eth on the Linux
>>
>> you will see it in the logs. 192.168.7.101....
>>
>> Apr 30 17:08:45 agentiweb1 kernel: SYN FLOOD:IN=eth0 OUT=

<cut the lines to protect your IPs>

>> DST=192.168.7.101 LEN=48 TOS=0x08 PREC=0x20 TTL=108 ID=21073 DF PROTO=TCP
>> SPT=4230 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
>>
>> 2015-04-30 17:07 GMT+02:00 Tsaousis, Costa <costa at tsaousis.gr>:
>>>
>>> Tony,
>>>
>>> Could you please post the iptables log line of the failed request?
>>> Replace $trusted_ip if you don't want us to know the IP.
>>> Where do you get log line? On the web server or the router?
>>>
>>> Costa
>>>
>>>
>>>
>>>
>>> On Thu, Apr 30, 2015 at 4:39 PM, Tony Peña <emperor.cu at gmail.com> wrote:
>>> > Hi
>>> > I want to stop SYN flood traffic over HTTP from external IPs but I have
>>> > only eth0 on Linux
>>> >
>>> > I have the Linux on the DMZ with IP 192.168.7.1 and only eth0
>>> > I have set up the SNAT from the public IP on the router to the Linux on 80 and
>>> > 443
>>> >
>>> > But when i set on firehol
>>> >
>>> > -------------------------
>>> > version 5
>>> >
>>> > # the one source address that may reach the web server
>>> > trusted_ip="other ip trusted"
>>> >
>>> > # block the listed addresses entirely, before any other rule
>>> > blacklist full "list black ip"
>>> >
>>> > # the only interface: internet (via router SNAT) and LAN both arrive here
>>> > interface eth0 ethernet
>>> >   policy drop
>>> >   server "http https" accept src "${trusted_ip}"
>>> >   client all accept
>>> > ------------------------------------
>>> >
>>> > Can't access Apache from my trusted IP
>>> >
>>> > In /var/log/messages I can see failed requests logged by the kernel from any
>>> > IP, including my trusted IP.
>>> >
>>> >
>>> > My question is how can I set up firehol if my server is on the DMZ and has
>>> > only 1 ethernet interface?
>>> >
>>> > from internet --> router (SNAT any to) --> eth0 linux
>>> > from lan (192.168.0.1/24) --> routing to --> eth0 linux
>>> >
>>> > when firehol is active nobody can access http and https
>>> >
>>> > Any idea?
>>> >
>>> > Thanks in advance
>>> >
>>> > --
>>> > Antonio Peña
>>> > Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
>>> >
>>> > <https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
>>> > Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
>>> > _______________________________________________
>>> > Firehol-support mailing list
>>> > Firehol-support at lists.firehol.org
>>> > http://lists.firehol.org/mailman/listinfo/firehol-support
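The "SYN FLOOD:" line quoted above is netfilter's LOG output carrying the prefix that FireHOL's SYN-flood protection puts on the packets it drops. Before concluding that the interface policy is blocking a trusted address, it helps to separate those rate-limit drops from policy drops and to see whether the trusted address is among the rate-limited sources at all. The script below is an added example written for this page; it is not code from the thread or from the FireHOL project. It parses lines of that exact shape, counts SYN-flood drops per source and destination port, finds the busiest source/second pair, and reports any drops that hit a trusted address. The hostnames, addresses, packet IDs and the second log prefix ("IN-eth0:") in the sample are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/messages lines in the shape shown in the
# thread (netfilter LOG output carrying FireHOL's "SYN FLOOD:" prefix).
# Hosts, addresses, IDs and the "IN-eth0:" prefix on the fourth line are
# made up for this example; they are not taken from the original mail.
SAMPLE_LOG = """\
Apr 30 17:08:45 agentiweb1 kernel: SYN FLOOD:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.168.7.101 LEN=48 TOS=0x08 PREC=0x20 TTL=108 ID=21073 DF PROTO=TCP SPT=4230 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 30 17:08:45 agentiweb1 kernel: SYN FLOOD:IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.7.101 LEN=48 TOS=0x08 PREC=0x20 TTL=108 ID=21074 DF PROTO=TCP SPT=4231 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 30 17:08:46 agentiweb1 kernel: SYN FLOOD:IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.7.101 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 30 17:08:46 agentiweb1 kernel: IN-eth0:IN=eth0 OUT= SRC=203.0.113.77 DST=192.168.7.101 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 30 17:08:47 agentiweb1 kernel: SYN FLOOD:IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.7.101 LEN=48 TOS=0x08 PREC=0x20 TTL=108 ID=21075 DF PROTO=TCP SPT=4232 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
"""

# syslog timestamp, host, "kernel:", then the log prefix (which runs straight
# into "IN=" with no space, as in the quoted line), then the packet fields.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?)IN=(?P<in>\S*) OUT=(?P<out>\S*) (?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for one netfilter LOG line, or None if it is not one.

    Key=value tokens (SRC, DST, PROTO, DPT, ...) become dict entries; bare
    tokens such as DF and SYN are collected in the "flags" set.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = {
        "ts": m["ts"],
        "host": m["host"],
        "prefix": m["prefix"].rstrip(":"),
        "in": m["in"],
        "out": m["out"],
        "flags": set(),
    }
    for tok in m["rest"].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        else:
            rec["flags"].add(tok)
    return rec


def summarize(log_text, trusted):
    """Aggregate SYN FLOOD drops found in log_text.

    trusted is a set of source addresses that are supposed to get through.
    Returns line counts per log prefix, SYN-flood drops per (SRC, DPT),
    the busiest (SRC, second, count) seen, and the drops per port that
    hit a trusted source (empty if the limiter never touched them).
    """
    by_prefix = Counter()
    per_src_port = Counter()
    per_src_second = Counter()
    trusted_hits = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_prefix[rec["prefix"]] += 1
        # Only the SYN-flood limiter's own drops matter here; the rule
        # matches SYN packets, so sanity-check the flag as well.
        if rec["prefix"] != "SYN FLOOD" or "SYN" not in rec["flags"]:
            continue
        src, dpt = rec["SRC"], int(rec["DPT"])
        per_src_port[(src, dpt)] += 1
        per_src_second[(src, rec["ts"])] += 1
        if src in trusted:
            trusted_hits[src][dpt] += 1
    peak = None
    if per_src_second:
        (src, ts), n = per_src_second.most_common(1)[0]
        peak = (src, ts, n)
    return {
        "by_prefix": dict(by_prefix),
        "per_src_port": dict(per_src_port),
        "peak_per_second": peak,
        "trusted_hits": {s: dict(c) for s, c in trusted_hits.items()},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, trusted={"198.51.100.23"})
    for (src, dpt), n in sorted(report["per_src_port"].items()):
        print(f"{src:>16} dpt={dpt:<5} syn-flood drops={n}")
    print("busiest source/second:", report["peak_per_second"])
    for src, ports in report["trusted_hits"].items():
        print(f"trusted {src} was rate-limited on ports {sorted(ports)}")
```

Run it against the real file with `python3 synflood_report.py < /dev/null` after replacing SAMPLE_LOG with the contents of /var/log/messages, or import `summarize` and pass the file's text. Note that the logged lines are only the packets the limiter dropped, so the per-second peak is a floor on the real SYN rate, not the rate itself; it is still enough to tell whether a single trusted client is being throttled or whether the counter is being exhausted by other sources sharing the same limit.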

