syn cookies are a feature of the tcp stack to delay setting up full tcp state to avoid resource starvation and to avoid syn floods (lots of syns never completed freezing out good new connections.) James S. Binder 408.761.1403 (cell) On Apr 23, 2011, at 9:02 AM, Marcus Kool <marcus.kool@xxxxxxxxxxxxxxx> wrote: > When a TCP connection is established, TCP SYN packets are exchanged. > Blocking SYN packets is the same as blocking all TCP traffic. > > > Andreas Braathen wrote: >> I tried it, but it did not change anything. Squid still sends SYN packets to establish state with destination. >> Any other suggestions? >>> edit /etc/sysctl.conf >>> change net.ipv4.tcp_syncookies=1 to net.ipv4.tcp_syncookies=0 and >>> reboot. dont forget to remove the # from the beginning of the line. >>> >>> On Sat, Apr 23, 2011 at 5:39 PM, Andreas Braathen >>> <andreas.braathen@xxxxxxxxxx> wrote: >>>> Squid is sending SYN packets to destination when receiving GET request from internals hosts. I want Squid to forward the GET request. How is this possible? >>>>
