Using SYN Proxy to protect servers that have different wscale

Hi.
I have a problem with using SYN proxy to protect different kinds of servers.
I have a firewall located in front of some servers. These servers
are of different kinds (like Linux and Windows) and are not managed by me.
The problem is caused by the wscale parameter of the SYN proxy rule. When I
listened to the servers' traffic, I realized they are working with different
wscale options.
I tried to write a SYN proxy rule without giving the wscale parameter, as
below, but it didn't work.

iptables -A PREROUTING -t raw -i eth0 -p tcp -m tcp --syn -j CT --notrack
iptables -A FORWARD -i eth0 -p tcp -m tcp -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp
iptables -A FORWARD -i eth0 -p tcp -m tcp -m state --state INVALID -j DROP

I also tried to set net.ipv4.tcp_window_scaling=0 with sysctl, but it
also didn't work.
Is there any practice to solve this issue?

--
ibrahim
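
Added example, not part of the original post: one way to handle backends with different TCP options is a separate SYNPROXY rule per destination address, each carrying that server's own --wscale and --mss. The backend addresses and option values below are constructed placeholders; the script only prints the commands and changes nothing on the firewall.

```shell
#!/bin/sh
# Constructed sample table: backend address, wscale, MSS (one per line).
# Addresses are from the RFC 5737 documentation range; take the real option
# values from the SYN-ACK each server sends (e.g. as seen with tcpdump).
BACKENDS='192.0.2.10 7 1460
192.0.2.20 8 1460'

IFACE=eth0   # ingress interface, as in the post

# True if $1 is a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the iptables/sysctl commands; nothing is applied here.
synproxy_rules() {
    # Strict conntrack, so out-of-flow packets are marked INVALID
    echo "sysctl -w net.netfilter.nf_conntrack_tcp_loose=0"
    echo "iptables -t raw -A PREROUTING -i $IFACE -p tcp -m tcp --syn -j CT --notrack"
    printf '%s\n' "$BACKENDS" | while read -r addr wscale mss; do
        [ -n "$addr" ] || continue
        # Skip malformed entries; a TCP window scale shift is at most 14 (RFC 7323)
        if ! is_uint "$wscale" || ! is_uint "$mss" || [ "$wscale" -gt 14 ]; then
            echo "skipping bad entry for $addr" >&2
            continue
        fi
        # One SYNPROXY rule per backend, advertising that backend's options
        echo "iptables -A FORWARD -i $IFACE -p tcp -m tcp -d $addr -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale $wscale --mss $mss"
    done
    echo "iptables -A FORWARD -i $IFACE -p tcp -m tcp -m state --state INVALID -j DROP"
}

synproxy_rules
```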


