Thank you Matt and Jeff, you are right. Now:

########################
# tcpdump tcp port www #
########################

14:15:07.899030 167.189.45.0.15724 > XXX.XXX.X.XXX.www: S 1731350873:1731350873(0) win 16384
14:15:07.899132 23.138.127.48.17439 > XXX.XXX.X.XXX.www: S 1731350793:1731350793(0) win 16384
14:15:07.899134 60.142.186.192.16004 > XXX.XXX.X.XXX.www: S 1731350794:1731350794(0) win 16384
14:15:07.899223 157.17.119.64.64399 > XXX.XXX.X.XXX.www: S 1731350805:1731350805(0) win 16384
14:15:07.899264 129.99.204.128.52213 > XXX.XXX.X.XXX.www: S 1731350810:1731350810(0) win 16384
14:15:07.899522 113.175.72.64.29198 > XXX.XXX.X.XXX.www: S 1731350811:1731350811(0) win 16384
14:15:07.899524 68.252.114.0.19491 > XXX.XXX.X.XXX.www: S 1731350808:1731350808(0) win 16384
14:15:07.899538 105.50.40.16.20711 > XXX.XXX.X.XXX.www: S 1731350875:1731350875(0) win 16384
14:15:07.899907 22.29.207.208.20004 > XXX.XXX.X.XXX.www: S 1731350815:1731350815(0) win 16384
14:15:07.899922 84.114.120.192.35899 > XXX.XXX.X.XXX.www: S 1731350801:1731350801(0) win 16384
14:15:07.899924 adsl-070-154-255-208.sip.ilm.bellsouth.net.9194 > XXX.XXX.X.XXX.www: S 1731350807:1731350807(0) win 16384
14:15:07.899937 178.127.147.86.40558 > XXX.XXX.X.XXX.www: S 1731350806:1731350806(0) win 16384
14:15:07.900039 106.201.110.108.24487 > XXX.XXX.X.XXX.www: S 1731350818:1731350818(0) win 16384
14:15:07.900041 213.205.73.192.9973 > XXX.XXX.X.XXX.www: S 1731350822:1731350822(0) win 16384
14:15:07.900055 133.61.34.32.51134 > XXX.XXX.X.XXX.www: S 1731350809:1731350809(0) win 16384
14:15:07.900057 62.33.240.96.8420 > XXX.XXX.X.XXX.www: S 1731350823:1731350823(0) win 16384
14:15:07.900186 210.84.122.64.15705 > XXX.XXX.X.XXX.www: S 1731350814:1731350814(0) win 16384
^C
1771393 packets received by filter   ----> 6 min
1739004 packets dropped by kernel
32,000 packets/6 min. I can't access the web server either... Does anyone have another good idea?

################
# /etc/pf.conf #
################

ext_if="fxp0"
int_if="rl0"
web_server="192.168.0.1"
pcanywhere_port="5631"
sql="1433"

set optimization aggressive
set timeout tcp.first 45
set timeout tcp.established 43200
set timeout { adaptive.start 30000, adaptive.end 45000 }
set limit states 40000

table <DOS> persist
#table <spamd-white> persist

scrub in

rdr on $ext_if proto tcp from any to $ext_if port www -> $web_server port www
rdr on $ext_if proto tcp from any to port $pcanywhere_port -> \
    $web_server port $pcanywhere_port
rdr on $ext_if proto tcp from any to port $sql -> $web_server port $sql
rdr on $ext_if proto tcp from any to port 1434 -> $web_server port 1434
rdr on $ext_if proto tcp from any to port 21 -> $web_server port 21
rdr on $ext_if proto udp from any to port 53 -> $web_server port 53

nat on $ext_if from !($ext_if) -> ($ext_if:0)

block return
block in log proto tcp all
block in log proto udp all
block in quick from <DOS> to any

pass quick on { lo $int_if }
antispoof quick for { lo $int_if }

pass in log on $ext_if inet proto tcp to $ext_if port ssh flags S/SA keep state
pass in log on $ext_if inet proto tcp to $web_server port 21 flags S/SA synproxy state
pass in log on $ext_if inet proto tcp to $web_server port $sql flags S/SA synproxy state
pass in log on $ext_if inet proto tcp to $web_server port 1434 flags S/SA synproxy state
pass in log on $ext_if inet proto tcp to $web_server port $pcanywhere_port flags S/SA synproxy state
pass in on $ext_if inet proto tcp to $web_server port www flags S/SA synproxy \
    state (max-src-states 100, max-src-conn-rate 10/1, overload <DOS> flush global)
pass in on $ext_if inet proto udp to $web_server port 53 keep state

pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

----
iGENUS is a free webmail interface, NO fee, download
---------------------------------------------------------
please visit http://www.qmail.org
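Added example (editor's code, not the poster's): a small script that reads the old-style tcpdump lines above and pulls out the numbers that matter when deciding whether a rule like `max-src-conn-rate 10/1, overload <DOS>` can help. Each SYN in the capture comes from a different source, all carry `win 16384`, and the initial sequence numbers sit within about 80 of each other, which is what a single flood tool sending spoofed sources looks like; a per-source rate limit never triggers because no source is seen twice, and synproxy still has to answer every SYN. The trailer also matters: 1739004 of 1771393 packets were dropped by the kernel, so tcpdump saw only about 2% of what arrived. The flood sample is a subset of the lines in the post; the benign sample, the `SYN_RE`/`analyse` names and the thresholds are my own constructions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Subset of the capture in the post (old tcpdump format: "src.port > dst.port: S isn:isn(0) win N").
FLOOD_CAPTURE = """\
14:15:07.899030 167.189.45.0.15724 > XXX.XXX.X.XXX.www: S 1731350873:1731350873(0) win 16384
14:15:07.899132 23.138.127.48.17439 > XXX.XXX.X.XXX.www: S 1731350793:1731350793(0) win 16384
14:15:07.899134 60.142.186.192.16004 > XXX.XXX.X.XXX.www: S 1731350794:1731350794(0) win 16384
14:15:07.899223 157.17.119.64.64399 > XXX.XXX.X.XXX.www: S 1731350805:1731350805(0) win 16384
14:15:07.899538 105.50.40.16.20711 > XXX.XXX.X.XXX.www: S 1731350875:1731350875(0) win 16384
14:15:07.899924 adsl-070-154-255-208.sip.ilm.bellsouth.net.9194 > XXX.XXX.X.XXX.www: S 1731350807:1731350807(0) win 16384
14:15:07.900057 62.33.240.96.8420 > XXX.XXX.X.XXX.www: S 1731350823:1731350823(0) win 16384
14:15:07.900186 210.84.122.64.15705 > XXX.XXX.X.XXX.www: S 1731350814:1731350814(0) win 16384
^C
1771393 packets received by filter
1739004 packets dropped by kernel
"""

# Constructed benign traffic (not from the post): two real clients, random ISNs, normal pacing.
BENIGN_CAPTURE = """\
14:20:01.000000 192.0.2.10.40001 > 10.0.0.5.www: S 2860054161:2860054161(0) win 65535
14:20:03.250000 198.51.100.7.51000 > 10.0.0.5.www: S 118320914:118320914(0) win 5840
14:20:07.900000 192.0.2.10.40002 > 10.0.0.5.www: S 2860771230:2860771230(0) win 65535
"""

SYN_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<us>\d{6})\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+S\s+(?P<isn>\d+):\d+\(\d+\)\s+win\s+(?P<win>\d+)"
)
SUMMARY_RE = re.compile(r"^(\d+) packets (received by filter|dropped by kernel)")


@dataclass
class Syn:
    t: float      # seconds since midnight, from the tcpdump timestamp
    src: str      # source host (IP or reverse-resolved name)
    sport: str
    isn: int
    win: int


def parse_syns(text):
    """Return every SYN line of an old-format tcpdump dump as a Syn record."""
    syns = []
    for line in text.splitlines():
        m = SYN_RE.match(line.strip())
        if not m:
            continue
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]) + int(m["us"]) / 1e6
        src, sport = m["src"].rsplit(".", 1)   # the port is the last dotted field
        syns.append(Syn(t, src, sport, int(m["isn"]), int(m["win"])))
    return syns


def capture_summary(text, seconds):
    """tcpdump's received/dropped trailer, plus the drop fraction and the average arrival rate."""
    counts = {}
    for line in text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            counts[m.group(2)] = int(m.group(1))
    received = counts.get("received by filter", 0)
    dropped = counts.get("dropped by kernel", 0)
    return {
        "received": received,
        "dropped": dropped,
        "drop_fraction": dropped / received if received else 0.0,
        "avg_pkt_per_sec": received / seconds,
    }


def analyse(syns, rate_threshold=500.0, isn_cluster=1 << 20):
    """Flood = SYN rate above threshold. spoofed_hint = nearly every SYN has a new source,
    the ISNs sit in one narrow band and the window is identical (one generator, faked sources).
    Thresholds are my own heuristics; tune them for the link in question."""
    n = len(syns)
    if n < 2:
        return {"syns": n, "flood": False, "spoofed_hint": False}
    times = [s.t for s in syns]
    span = max(times) - min(times)
    rate = n / span if span > 0 else float("inf")
    uniq = len({s.src for s in syns})
    isns = [s.isn for s in syns]
    isn_range = max(isns) - min(isns)
    top_win, top_win_count = Counter(s.win for s in syns).most_common(1)[0]
    return {
        "syns": n,
        "seconds": span,
        "syn_per_sec": rate,
        "unique_src": uniq,
        "isn_range": isn_range,
        "top_win": top_win,
        "flood": rate >= rate_threshold,
        "spoofed_hint": uniq / n >= 0.9 and isn_range < isn_cluster and top_win_count == n,
    }


if __name__ == "__main__":
    print(analyse(parse_syns(FLOOD_CAPTURE)))
    print(analyse(parse_syns(BENIGN_CAPTURE)))
    print(capture_summary(FLOOD_CAPTURE, 6 * 60))
```

Run it against a longer `tcpdump -n tcp port www` dump by piping the file into `parse_syns`; `-n` avoids the reverse lookups that produced the `bellsouth.net` line and that themselves slow the capture down. When `spoofed_hint` is true, rules keyed on the source address (`max-src-conn-rate`, `overload <DOS>`) will not fire, so the useful levers are upstream filtering and the state/SYN budget of the firewall itself, not a bigger `<DOS>` table.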