Pete Nesbitt wrote:
On May 24, 2004 07:09 pm, Ryan Golhar wrote:
I'm running an LDAP server to authenticate users using secure ldap on
port 636 -- standard port. The client access the server and I get the
following messages on server from the firewall:
May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT=
MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122
DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP
SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
I get these quite frequently from each client. My iptables firewall
rule is as follows:
On the input chain:
-A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD
On the SYN-FLOOD chain:
-A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
-A SYN-FLOOD -j DROP
Are my rules incorrect, or is it truly ldap clients flooding the server?
-----
Ryan Golhar
Computational Biologist
The Informatics Institute at
The University of Medicine & Dentistry of NJ
Phone: 973-972-5034
Fax: 973-972-7412
Email: golharam@xxxxxxxxx
Hi Ryan,
What other rules are in place?
Can you either post your iptables script or else the output of "iptables -L"?
Are the clients successfulling connecting/authenticating?
I think you should add the match establish & related rule
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
