Full Discussion: Openbsd as gateway Problem
Post 302153183 by Peter_APIIT on Sunday 23rd of December 2007 10:21:05 PM
I also confirm it with sysctl -a | less


Below is the information:

net.inet.ip.forwading=1
net.inet.ip.redirect=1
net.inet.ip.sourcerate=0
net.ine6.ip.forwading=0
 

SYNCACHE(4)                BSD Kernel Interfaces Manual                SYNCACHE(4)

NAME
     syncache, syncookies -- sysctl(8) MIBs for controlling TCP SYN caching

SYNOPSIS
     sysctl net.inet.tcp.syncookies
     sysctl net.inet.tcp.syncookies_only
     sysctl net.inet.tcp.syncache.hashsize
     sysctl net.inet.tcp.syncache.bucketlimit
     sysctl net.inet.tcp.syncache.cachelimit
     sysctl net.inet.tcp.syncache.rexmtlimit
     sysctl net.inet.tcp.syncache.count

DESCRIPTION
     The syncache sysctl(8) MIB is used to control the TCP SYN caching in the system, which is intended to handle SYN flood Denial of Service attacks.

     When a TCP SYN segment is received on a port corresponding to a listen socket, an entry is made in the syncache, and a SYN,ACK segment is returned to the peer. The syncache entry holds the TCP options from the initial SYN, enough state to perform a SYN,ACK retransmission, and takes up less space than a TCP control block endpoint. An incoming segment which contains an ACK for the SYN,ACK and matches a syncache entry will cause the system to create a TCP control block with the options stored in the syncache entry, which is then released.

     The syncache protects the system from SYN flood DoS attacks by minimizing the amount of state kept on the server, and by limiting the overall size of the syncache.

     Syncookies provides a way to virtually expand the size of the syncache by keeping state regarding the initial SYN in the network. Enabling syncookies sends a cryptographic value in the SYN,ACK reply to the client machine, which is then returned in the client's ACK. If the corresponding entry is not found in the syncache, but the value passes specific security checks, the connection will be accepted. This is only used if the syncache is unable to handle the volume of incoming connections, and a prior entry has been evicted from the cache.

     Syncookies have a certain number of disadvantages that a paranoid administrator may wish to take note of. Since the TCP options from the initial SYN are not saved, they are not applied to the connection, precluding use of features like window scale, timestamps, or exact MSS sizing. As the returning ACK establishes the connection, it may be possible for an attacker to ACK flood a machine in an attempt to create a connection. While steps have been taken to mitigate this risk, this may provide a way to bypass firewalls which filter incoming segments with the SYN bit set.

     To disable the syncache and run only with syncookies, set net.inet.tcp.syncookies_only to 1.

     The syncache implements a number of variables in the net.inet.tcp.syncache branch of the sysctl(3) MIB. Several of these may be tuned by setting the corresponding variable in the loader(8).

     hashsize      Size of the syncache hash table, must be a power of 2. Read-only, tunable via loader(8).

     bucketlimit   Limit on the number of entries permitted in each bucket of the hash table. This should be left at a low value to minimize search time. Read-only, tunable via loader(8).

     cachelimit    Limit on the total number of entries in the syncache. Defaults to (hashsize x bucketlimit), may be set lower to minimize memory consumption. Read-only, tunable via loader(8).

     rexmtlimit    Maximum number of times a SYN,ACK is retransmitted before being discarded. The default of 3 retransmits corresponds to a 45 second timeout, this value may be increased depending on the RTT to client machines. Tunable via sysctl(3).

     count         Number of entries present in the syncache (read-only).

     Statistics on the performance of the syncache may be obtained via netstat(1), which provides the following counts:

     syncache entries added   Entries successfully inserted in the syncache.
     retransmitted            SYN,ACK retransmissions due to a timeout expiring.
     dupsyn                   Incoming SYN segment matching an existing entry.
     dropped                  SYNs dropped because SYN,ACK could not be sent.
     completed                Successfully completed connections.
     bucket overflow          Entries dropped for exceeding per-bucket size.
     cache overflow           Entries dropped for exceeding overall cache size.
     reset                    RST segment received.
     stale                    Entries dropped due to maximum retransmissions or listen socket disappearance.
     aborted                  New socket allocation failures.
     badack                   Entries dropped due to bad ACK reply.
     unreach                  Entries dropped due to ICMP unreachable messages.
     zone failures            Failures to allocate new syncache entry.
     cookies received         Connections created from segment containing ACK.

SEE ALSO
     netstat(1), tcp(4), loader(8), sysctl(8)

HISTORY
     The existing syncache implementation first appeared in FreeBSD 4.5. The original concept of a syncache originally appeared in BSD/OS, and was later modified by NetBSD, then further extended here.

AUTHORS
     The syncache code and manual page were written by Jonathan Lemon <jlemon@FreeBSD.org>.

BSD                              January 22, 2008                              BSD
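
The syncache and syncookie interaction described in the manual page above, as an added example that is not FreeBSD's code or part of the original page. It is a simplified model: the class name, the "rejected" label, the oldest-first eviction and the cookie construction (a truncated HMAC over the peer 4-tuple) are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import deque

class SynCacheModel:
    """Toy model of the syncache/syncookie interaction; not FreeBSD's code."""

    def __init__(self, hashsize=4, bucketlimit=2, syncookies=True):
        if hashsize < 1 or hashsize & (hashsize - 1):
            raise ValueError("hashsize must be a power of 2")
        self.buckets = [deque() for _ in range(hashsize)]
        self.bucketlimit, self.syncookies = bucketlimit, syncookies
        self.secret = os.urandom(16)  # server-side secret (assumption)
        # "rejected" is a label of this model, not a netstat(1) counter.
        self.stats = {"syncache entries added": 0, "bucket overflow": 0,
                      "completed": 0, "cookies received": 0, "rejected": 0}

    def _mac(self, peer, label):
        msg = label + repr(peer).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def _bucket(self, peer):
        return self.buckets[self._mac(peer, b"bucket") & (len(self.buckets) - 1)]

    def on_syn(self, peer, options):
        """Cache the SYN's options; return the ISN sent in the SYN,ACK."""
        bucket = self._bucket(peer)
        if len(bucket) >= self.bucketlimit:  # full bucket: drop the oldest entry
            bucket.popleft()
            self.stats["bucket overflow"] += 1
        bucket.append((peer, options))
        self.stats["syncache entries added"] += 1
        return self._mac(peer, b"cookie")  # constructed cookie, see lead-in

    def on_ack(self, peer, acked_isn):
        """Handle the final ACK; acked_isn is the ISN the peer acknowledges."""
        bucket = self._bucket(peer)
        for entry in bucket:
            if entry[0] == peer:  # syncache hit: stored options are restored
                bucket.remove(entry)
                self.stats["completed"] += 1
                return ("accepted", entry[1])
        echoed = (acked_isn & 0xFFFFFFFF).to_bytes(4, "big")
        expected = self._mac(peer, b"cookie").to_bytes(4, "big")
        if self.syncookies and hmac.compare_digest(echoed, expected):
            self.stats["cookies received"] += 1
            return ("accepted", None)  # cookie path: the SYN's options are lost
        self.stats["rejected"] += 1
        return ("rejected", None)
```

With hashsize=1 and bucketlimit=2, a burst of SYNs from other peers evicts a pending entry; the evicted peer's ACK is then accepted only through the cookie check and comes back without its window scale or MSS options, which is the trade-off the manual page warns about.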