Notepad:Syncookie

From Amar
Revision as of 18:15, 20 February 2007 by 67.52.184.2 (talk) (Syncookie protection setting)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Syncookie from Linux Journal Article 

echo "1" > /proc/sys/net/ipv4/tcp_syncookies
/proc/sys/net/ipv4/conf/all/rp_filter

Okay. Change to the /etc/sysconfig directory, and do a cat on your network file. It should look something like this: 

   NETWORKING=yes
   FORWARD_IPV4=no
   HOSTNAME=netgate.mycompany.com
   GATEWAY=192.168.22.10
   GATEWAYDEV=

In particular, look at the second line (FORWARD_IPV4). For those who aren't already familiar with this concept, IP forwarding means routing. Routing means a networked computer will forward or direct packets between networks, specifically packets from other computers on your network. In this manner, a computer with a single dial-up Internet connection can act as a gateway for a whole network of computers. By default, your system does not do IP forwarding. If you wanted to change it so that at bootup (or network restart) you did have forwarding turned on, you would change the value of FORWARD_IPV4 to "yes" instead of "no". Now, here's a little problem for all you upgraders.

If you are upgrading to Red Hat 6.2 and are currently running with IP forwarding, you may find that things don't seem to be working with your old configuration scripts. If you start with a squeaky-clean 6.2 system, your /etc/sysconfig/network file will have an entry that says something like this (going by memory here): 

  # FORWARD_IPV4 removed; see /etc/sysctl.conf

The /etc/sysctl.conf file looks like this: 

   # Disables packet forwarding
   net.ipv4.ip_forward = 0
   # Enables source route verification
   net.ipv4.conf.all.rp_filter = 1
   # Disables automatic defragmentation (needed for masquerading, LVS)
   net.ipv4.ip_always_defrag = 0
   # Disables the magic-sysrq key
   kernel.sysrq = 0
Retrieved from "https://wiki.amar.com/index.php?title=Notepad:Syncookie&oldid=53"