It seems that the IE is issuing really way more requests than I assumed. I did put the Value to 20/sec:50 which should make it OK. If people really want to be faster in accessing my site - well - they'll be locked out.
It was actually a limit I had set for the Bot-Harvesters and Brute-Force attacks issuing on a regular base. However - I added 2 more techniques to stop these - a harvester Trap: https://stargate.solsys.org/harvester/index.html which is very easy to setup - and also acting as Limiting factor for Bots not respecting the robot.txt file, and for ssh I wrote a script that looks for failed logins and locks probing sites immediatly - if not whitelisted. So - I now can configure the connection rate to be more relaxed. Thx again ... I knew it had something to do with the connection rate - but I completely had ignored the connection-rate settings in the DNAT rule ... Cheers Joerg <quote who="Joerg Mertin"> > Damn, I knew it ... I had set this up because of some people doing too > many requests on ssh etc. - and because of lazyness I added all > port-numbers under one rule - and didn't take it out any more... > > Thx for the Hint. I didn't see the forest because of the trees anymore ... > > Cheers > Joerg > > <quote who="Tom Eastep"> >> Joerg Mertin wrote: >>> Hi there, >>> >>> <quote who="Tom Eastep"> >>> [...] >>>> It most likely means that, for some reason, the packets are not >>>> matching >>>> either the DNAT rule or an existing conntrack entry. >>> >>> Well - the funny thing is that Firefox does not have that beheaviour - >>> and >>> I don't know why. Could it be a portscanning-detection that activates ? >> >> Shorewall has no portscanning-detection. >> >> >>> http://www.solsys.org/linux/shorewall_dump.txt >> >> You have a limit on your DNAT rule!!!!!!!!!!!! Anything in excess of the >> limit will be rejected in the world2fw chain. IE tends to open more >> parallel >> connections than Mozilla. >> >> -Tom >> -- >> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool >> Shoreline, \ http://shorewall.net >> Washington USA \ [EMAIL PROTECTED] >> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by DB2 Express >> Download DB2 Express C - the FREE version of DB2 express and take >> control of your XML. No limits. Just data. Click to get it now. >> http://sourceforge.net/powerbar/db2/_______________________________________________ >> Shorewall-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > > > -- > ------------------------------------------------------------------------ > | Joerg Mertin : [EMAIL PROTECTED] (Home)| > | in Forchheim/Germany : [EMAIL PROTECTED] (Alt1)| > | Stardust's LiNUX System : | > | Web: http://www.solsys.org | > ------------------------------------------------------------------------ > PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- ------------------------------------------------------------------------ | Joerg Mertin : [EMAIL PROTECTED] (Home)| | in Forchheim/Germany : [EMAIL PROTECTED] (Alt1)| | Stardust's LiNUX System : | | Web: http://www.solsys.org | ------------------------------------------------------------------------ PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
