Protecting from SYN floods and other asshole people.

Matthew S. Crocker matthew at crocker.com
Fri Aug 31 20:58:03 BST 2001


Howdie,

 I have a LVS cluster up and running directing SMTP,POP3,IMAP to 3 real
servers using direct route.   The 'ipvsadm -l -c -n' command shows >2k
connections from one IP address in ESTABLISHED state.  When one times
another one gets created.  It always seems to hover around 2200
connections.   The real servs are not working too hard on it because
tcpserver is rejecting connections (I think).   Can I put an iptables
entry on the director to block the offending CLass C?  Or, does LVS happen
before the iptable stuff?

-Matt


On Fri, 31 Aug 2001, Cpunk wrote:

> The web page is showing a phpsysinfo page instead of the regular content.
> Is there a "trusted" mirror somewhere?
>
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>

-- 
----------------------------------------------------------------------
Matthew S. Crocker
Vice President / Internet Division         Email: matthew at crocker.com
Crocker Communications                     Phone: (413) 587-3350
PO BOX 710                                 Fax:   (413) 587-3352
Greenfield, MA 01302-0710                  http://www.crocker.com
----------------------------------------------------------------------





More information about the lvs-users mailing list