Re: options tcp_drop_synfin and virtual hosts

2004-06-15 Thread Chuck Swiger
dave wrote:
> Is there a doc that says what the tcp_drop_synfin option does and what
> effect it has on webservers and why it should never be used on such?

The meaning of the SYN and FIN flags is discussed in RFC-793.
Normally, one goes through the 3WHS and exchanges some data before one side 
decides to close, but HTTP requests can fit within the first data packet so 
one might shortcut or streamline the process (or am I mixing concepts from 
T/TCP?).

Anyway, the effectiveness of the tcp_drop_synfin option is marginal compared 
to running a real firewall, even one on that host.

--
-Chuck
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
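
An added example, not part of the original thread: it compares the client-side segments of an ordinary HTTP request with the single-segment shortcut mentioned in the reply above. It assumes the option discards any TCP segment that carries both SYN and FIN; the segments, ports and the host name www.example.org are constructed sample data.

```python
import struct

# TCP flag bits as defined in the RFC 793 header
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_segment(flags, payload=b"", seq=1, ack=0, sport=40000, dport=80):
    """Build a 20-byte TCP header (no options) plus payload. Constructed data."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 65535, 0, 0) + payload

def parse_flags(segment):
    """Return the flag bits of a raw TCP segment; reject malformed headers."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (offset_flags,) = struct.unpack_from("!H", segment, 12)
    if (offset_flags >> 12) < 5:
        raise ValueError("data offset smaller than the fixed header")
    return offset_flags & 0x3F

def dropped_by_synfin_filter(segment):
    """Assumed rule: drop when SYN and FIN are both set, whatever else is set."""
    return (parse_flags(segment) & (SYN | FIN)) == (SYN | FIN)

def audit(segments):
    """Return the labels of the segments the assumed rule would discard."""
    return [label for label, seg in segments if dropped_by_synfin_filter(seg)]

# Constructed request; the Host header that selects a name-based virtual host
# is payload and plays no part in the flag check.
REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"

# Client side of an ordinary exchange: handshake, request, then close.
NORMAL_HTTP = [
    ("SYN", build_segment(SYN)),
    ("ACK", build_segment(ACK, seq=2, ack=1)),
    ("PSH|ACK request", build_segment(PSH | ACK, REQUEST, seq=2, ack=1)),
    ("FIN|ACK", build_segment(FIN | ACK, seq=2 + len(REQUEST), ack=1)),
]
# The streamlined case from the reply: open, request and close in one segment.
ONE_SEGMENT = [("SYN|FIN|PSH request", build_segment(SYN | FIN | PSH, REQUEST))]

if __name__ == "__main__":
    print("normal exchange dropped:", audit(NORMAL_HTTP))
    print("single-segment request dropped:", audit(ONE_SEGMENT))
```
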


options tcp_drop_synfin and virtual hosts

2004-06-14 Thread dave
Hello,
Is there a doc that says what the tcp_drop_synfin option does and what
effect it has on webservers and why it should never be used on such? I've
got an apache install on a 5.2.1 box with two hosts, and am having a problem
that external connections can only get to the primary site, while network
connections from inside the firewall can get to either site in question.
Also, an external connection instead of seeing the site address gets the
address of the public IP. I've narrowed this down to two possibilities, he's
getting his dns from yahoo, and the tcp_drop_synfin option?
Any help appreciated.
Thanks.
Dave.
