I can’t connect to my webserver in the DMZ from an external IP address when Syn Flood Protection is enabled in the corresponding firewall rule.
Sometimes I am able to reach the site but most of the time not. When disabling this feature, everything works.
I there anything I can do about this?
[Edit]
Could it be that there is a problem in case of HAProxy listening on that specific port?
On my vm testbed system, I just set up a server on my orange network and set up a port forward rule to allow access.
Tested this out and was able to successfully access the server from the red side of the vm IPFire system. Turning off the port forward prevented access.
Then I enabled synflood protection onto the port forward firewall rule and tried accessing again from the red side.
I was able to access multiple times without any problems. Checked the rule and confirmed that the syn flood checkbox was enabled.
So I can’t reproduce the effect you are describing based on the synflood protection.
EDIT:
Just in case there was any browser cache effect I just tried it with closing the browser between testing without and with the synflood protection enabled on the port forward rule and in all cases I could continue accessing the server on my vm orange network.
I can’t help withy regard to your question about the haproxy addon as I don’t use it and never have.
Thank you very much, I’ll try out without HaProxy but with a portforward FW rule. This will take some days but I’ll post my results here.
This should all work even with local services, but of course is a lot less effective. The OS itself has SYN flood protection built in and so I would not bother to run this on top of that.