BFW Firewall & Router

por **Visitante** » Qui Set 29, 2005 7:30 am

how to limit connections from ip to each port

np: I want to limit download and upload connections from ip x.x.x.x to port 4662 (emule) it is posible ?

plz help

por **Hamski** » Qui Set 29, 2005 7:31 am

it is my post i forgot to log in :) ok plz help

por **reset** » Qui Set 29, 2005 11:25 am

it's intersting for me too.

por **andrefellows** » Sex Set 30, 2005 5:33 pm

I think this is possible using QOS not for ports but IPs.
I don´t know how to do this 'cos I don't need this service.. my lan is just 2 computers at full trhotle ;)

Sorry about my english...

Se ya l8er!

por **Hamski** » Ter Out 04, 2005 7:50 pm

and what ? no idea ?

por **André Simões** » Ter Out 04, 2005 9:18 pm

You can make a QoS class for that IP, and put a speed limit on it.
All the trafic for that IP will be limited by this rule.

por **Hamski** » Sex Out 07, 2005 9:44 am

I know that! This is a speed limit i want connect limit

por **dougie173** » Sáb Out 08, 2005 8:06 pm

I think it can be done

This page describes how to do it manually setting iptables:-

http://www.clarkconnect.org/forums/showflat.php?Cat=&Board=netmanage&Number=77919&Main=77909

por **robsoniq** » Sáb Out 08, 2005 9:04 pm

I think that add in future to BR_FW function to limit connections per IP (in web admin) is a good idea. We should ask Claudio if it's possible. I'm sure that wish-list for BR_FW is very long :D

por **Claudio** » Dom Out 09, 2005 4:38 pm

Good ideia. Registered.

por **kdiamond** » Dom Dez 25, 2005 8:36 pm

Yeah indeed!

Too many connections are killing my ADSL modem, and even when bandwidth is very low, no one could browse, because P2P programs opens so many connections.

Setting a max connection number per IP would be a must.

Thx

Br,
Dali

por **pcpilot** » Qui Jan 05, 2006 5:55 am

ZyXEL P314 alike products use also
sessions control for per IP assigned to its DHCP clients.

It's a good method to limit per user not to open too many sessions and
also a good method to avoid crashing the IP sharing device due to
seesions resource was used out.

(Device provides option to limit max. sessions number per IP can establish ,
for example , total is 2048 for the P314 router , for 8 clients to share ,
I will set the max. sessions number as 255 (2048/8 ) , for example.)

Then each user will not be able to get more than 255 sessions.
that means only if user has to cut some existed sessions
(lower the P2P , for example , sessions) then user can establish
new session for other application (like http , or something else.)
or user will be not able to open any TCP/IP session anymore.

Maybe it can be added to BrazilFW's wish list.

por **Claudio** » Qui Jan 05, 2006 8:46 am

pcpilot escreveu:Maybe it can be added to BrazilFW's wish list.

It´s there already.

por **yeager** » Seg Mai 21, 2007 10:02 am

its allready added?

por **andrefellows** » Seg Mai 21, 2007 12:12 pm

Seach in Spanish forum for "Argento QOS" they made this kind of control

por **yeager** » Seg Mai 21, 2007 12:20 pm

im still waiting fot Argento QOS and Argento Bridge english tutorial.
Hey MASTERS how long time must waiting?

por **andrefellows** » Seg Mai 21, 2007 9:16 pm

search for "ip_conntrack" spanish !!

por **Marcos do Vale** » Seg Mai 21, 2007 11:04 pm

Código: Selecionar todos: iptables -t mangle -I POSTROUTING -p tcp -m state ! --state RELATED -m connlimit --connlimit-above 12 --connlimit-mask 32 -j DROP

por **yeager** » Ter Mai 22, 2007 3:02 am

andrefellows escreveu:search for "ip_conntrack" spanish !!

here is the problem, i dont speek spanish :(

Marcos do Vale escreveu:Code:
iptables -t mangle -I POSTROUTING -p tcp -m state ! --state RELATED -m connlimit --connlimit-above 12 --connlimit-mask 32 -j DROP

where put this lines

i have found addon conlimit, but from last wortre on this forum, not work.

por **andrefellows** » Seg Mai 28, 2007 4:52 pm

put this rule in "simple firewall" as a Custom Firewall rules at the end of the file and put an empty line at the end of the file

por **yeager** » Seg Mai 28, 2007 4:56 pm

and wath is a result of this?

por **andrefellows** » Seg Mai 28, 2007 6:51 pm

the IP cannot open more than 12 concurrent connections

por **yeager** » Ter Mai 29, 2007 7:15 am

and when i will set conlimit only for ip 192.168.1.100 is this right
iptables -t mangle -I POSTROUTING -p tcp -m state ! --state RELATED -m connlimit --connlimit-above 12 --connlimit-ip 192.168.1.100 -j DROP

por **andrefellows** » Ter Mai 29, 2007 7:49 am

yes you're right. you can also put a network mask instead just an ip like:

iptables -t mangle -I POSTROUTING -p tcp -m state ! --state RELATED -m connlimit --connlimit-above 12 --connlimit-ip 192.168.1.0/24 -j DROP

por **yeager** » Qui Mai 31, 2007 3:29 am

is it possible to see real time, how many connections have opened each users

por **andrefellows** » Qui Mai 31, 2007 8:44 am

i made a test: I put the connlimit in 3 and I did a download with "Free Download Manager".
My configuration in FDM is to open 5 concurrent connections, when i applied the connlimit, just 3 connections was made and even if I try to navigate somewhere else, i'll get no results.

By the way, I have a doubt, if the CONNLIMIT is set to a network, the limit used, as example above 3, is for each ip or for the entire network?

cheers

BFW Firewall & Router

limit connections from ip to each port? [INACTIVE]

limit connections from ip to each port?

Quem está online