If i have 2000 USD for firewall solution to against synflood ,which best ?

[hkivan]

If i have 2000 USD for firewall solution to against synflood ,which one is the best ( I mean the performance )?

The syn flood was kill my two DA server ... I hate it .


In my view ,If i need to against 50 Mps Syn Flood attack , I think the performance of the hardware firewall in this price .......I think it not a good choice .

I want to build a P4 Celeron + 512 Ram with SmoothHost (Firewall ) http://www.smoothwall.net/products/smoothhost3/
I think the performance of this self-make hardware firewall is quite good .... I think it has more power to against syn flood attack .



Does any one has a idea on this topic ?


It nice to have your idea .



Actaully .. I am considering ..... Netscreen 100 .

In my Network ( in design ) ...

IDC ( Internet Connection )
|
Hareware Firewall ( 222.222.222.222 ) - Wan IP
|
S w i t c h
| | | |
Web Server(s) x 4 (222.222.222.223~227 ) - Wan IP

Because I want to use directadmin to build a web server ... but Directadmin must need to use Wan IP for their server ... So .. that why i also want to use wan ip behind firewall network .

CONFUSE .... may be my english is not enough .. sorry !!!

 

[nobaloney]

Your english is fine for the purpose.

I don't recommend separate hardware solutions; I'd use iptables to throw away packets at the server.

If you do want to build/buy a solution against synflood attacks it's imperative that you have a solution that will let you pass IP#s (a transparent firewall); DA expects the server to work on the same IP# it get's it's updates as.

Jeff

 

[hkivan]

transparent firewall ?

Any Suggesttion ?



Actaully , i want to build a hardware firewall by myself , but i don't know which one has [ transparent ] function ....

 

[nobaloney]

Will this somewhat dated article help you?

If not, then here's what I typed into Google:

buildin a transparent firewall in linux

It got a bunch of hits; the one above was the first.

Jeff