PF Problem with synproxy and haproxy

I ran into trouble with synproxy and net/haproxy. I've installed net/haproxy on server 10.0.0.2 and tried to apply synproxy in front of our webserver, but it didn't work. Here's the rule I used:

Code:
pass in on $ext_if proto tcp from 10.0.0.10 to 10.0.0.2 flags S/SA synproxy state

It worked with 'keep state' but with synproxy it didn't.
Many thanks for any support.
 
In short, don't. The synproxy option should only be used in specific situations, such as when you are under an active DDoS. It shouldn't be used normally. Just do 'keep state' or leave it off altogether, as 'keep state' is implied.
 
@junovitch: Thanks for your suggestion, but we receive SYN floods every day, so we need to keep synproxy on at all times.
 