I found this on the web (google: iptables limit); it may help. If it is iptables that is breaking, I doubt this will help, as iptables is still doing the work:
## SYN-FLOODING PROTECTION
# This rule caps the rate of incoming connections. In order to do this we divert tcp
# packets with the SYN bit set off to a user-defined chain. Up to limit-burst connections
# can arrive in 1/limit seconds ..... in this case 4 connections in one second. After this, one
# of the burst is regained every second and connections are allowed again. The default limit
# is 3/hour. The default limit burst is 5.
#
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Dworf
> Sent: Thursday, April 11, 2002 4:02 PM
> To: Ramin Alidousti
> Cc: [EMAIL PROTECTED]
> Subject: Re: SynFlood BIG Problem!
>
>
> Ok, this is only protecting itself, INPUT only.
>
> When I pipe lots of traffic, everything works, no error. So this is only
> happening when I get hit by synflood. My upstream to my ISP is 100Mbit.
> SynFlood traffic of about 5Mbit is enough to get the kernel error MSG
> (5Mbit is from MRTG), and I'm using the 2.4.18 kernel.
>
> I had a reply saying that 8139too and eepro100 cards and drivers can't
> handle heavy load. If this is true, what card CAN handle so much load?
> Because if I do some normal stuff, download, upload from that linux box
> and use up all the 100Mbit, I get no error. So this problem is only with
> SynFlood.
>
> I wonder if it has anything to do with getting lots of packets with SRC
> faked addresses. And yes, my IPTABLES INPUT rules drop all the packets;
> they don't reply to any when the SynAttack comes in.
>
> Anyway, REALLY STRANGE!
>
> P.S.: Hope this is not off topic.
>
> Thank you for your reply and help; any more suggestions would help.
>
> Thank You!
>
> On Thursday 11 April 2002 21:24, you wrote:
> > Is this firewall only protecting itself (INPUT) or others behind it
> > (FORWARD) as well?
> >
> > But anyway, if the cause of your problem is synflood and your ethernet
> > driver is being DoS'ed (that's my interpretation from "eth0: Too much
> > work at interrupt...") then I'd say that there is nothing iptables can
> > do for you, as it (iptables) reacts on the packets your driver hands
> > over to it. I might be wrong here. What happens when you pipe lots of
> > data through your card, eg when you almost saturate the link? In both
> > directions? Or is this only happening when you get hit by synflood?
> >
> > But, it seems weird though. Your ethernet card should be able to
> > handle that much of a traffic that the upstream ethernet port is
> > sending. What is your upstream bandwidth to your ISP? And what is your
> > upstream bandwidth from your linux box? And how much synflood traffic
> > is hitting you each time?
> >
> > Ramin
>
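To make the effect of the rule set at the top of this mail concrete, here is an added example (not from the mail or from the web snippet it quotes): a small Python model of the iptables `limit` match as a token bucket of size `--limit-burst` refilled at `--limit` tokens per second, run over three constructed SYN streams. The timestamps, the "spoofed"/"legit" labels and the stream sizes are made up for illustration; the `-m limit --limit 1/s --limit-burst 4` parameters are the ones from the rules above.

```python
# Added example (not from the original mail or the quoted web snippet):
# a token-bucket model of "-m limit --limit 1/s --limit-burst 4" applied
# to a stream of SYN packets, so the rule's effect can be reasoned about
# offline. All SYN streams and timestamps below are constructed.


class LimitMatch:
    """Model of the iptables 'limit' match: a bucket holding at most
    --limit-burst tokens, refilled at --limit tokens per second; each
    packet that matches consumes one token. The bucket starts full."""

    def __init__(self, rate_per_sec, burst):
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.tokens = self.burst
        self.last_t = 0.0

    def matches(self, t):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (t - self.last_t) * self.rate)
        self.last_t = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # within the limit: -j RETURN, back to INPUT
        return False      # over the limit: falls through to -j DROP


def run_syn_flood_chain(syn_arrivals, rate_per_sec=1.0, burst=4):
    """Feed (timestamp, label) SYN arrivals through the syn-flood chain.
    Returns (passed_labels, dropped_labels) in arrival order."""
    lim = LimitMatch(rate_per_sec, burst)
    passed, dropped = [], []
    for t, label in sorted(syn_arrivals):
        (passed if lim.matches(t) else dropped).append(label)
    return passed, dropped


def scenarios():
    """Three constructed SYN streams against the rule from the mail."""
    # 1) Normal load: one new connection per second for ten seconds.
    steady = [(float(i), "client%d" % i) for i in range(10)]
    # 2) Flood: 100 spoofed SYNs spread over one second, plus one
    #    legitimate SYN arriving in the middle of the flood.
    flood = [(i / 100.0, "spoofed%03d" % i) for i in range(100)]
    flood.append((0.505, "legit-during-flood"))
    # 3) Same flood, then a legitimate SYN five seconds after it stops.
    after = flood + [(6.0, "legit-after-flood")]

    results = {}
    for name, stream in (("steady", steady), ("flood", flood), ("after", after)):
        passed, dropped = run_syn_flood_chain(stream)
        results[name] = {"passed": len(passed), "dropped": len(dropped),
                         "passed_labels": passed}
    return results


if __name__ == "__main__":
    for name, r in scenarios().items():
        print("%-6s passed=%3d dropped=%3d -> %s"
              % (name, r["passed"], r["dropped"], r["passed_labels"]))
```

The model shows both sides of the rule: a steady one-per-second stream passes untouched, while a flood of 100 SYNs in one second gets exactly the 4 burst tokens through and the rest dropped. It also shows a property worth knowing before deploying the rule: the counter is global, not per source, so the legitimate SYN that arrives during the flood is dropped along with the spoofed ones, and legitimate connections only get through again once the bucket has refilled after the flood stops. And, as Ramin's reply points out, none of this helps if the driver is already overloaded, because the limit match only sees packets the driver has handed up to netfilter.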
