Community discussions

MikroTik App
  4. RouterOS
  5. General

Limiting user connections to a single host

Post Reply
 
kevin_i_orourke
just joined
Topic Author
Posts: 21
Joined: Mon Aug 21, 2006 12:51 pm
Location: Kaduna, Nigeria

Limiting user connections to a single host

Tue Aug 21, 2007 10:52 am

I'm having problems with bandwidth-hogging users on our satellite internet connection.

The current biggest issue seems to be people using "download accelerators". Some component in the system (probably the V-SAT modem) seems to share bandwidth equally between all connections. So if you're using a download accelerator (opening lots of connections) you get all the bandwidth and everyone else starves.

Our acceptable usage policy forbids the use of download accelerators but I'm getting fed up of going round checking users' PCs and uninstalling them.

I can see that it's possible to limit connections per IP address, but I'm worried this might cause problems for innocent users.

So, is it possible to just limit the number of connections each IP address on our network can make to a single internet IP? For example, if our user 192.168.0.71 is trying to open 20 connections to 208.65.153.253 can we limit it to 5 connections?

What would be a good limit for the number of connections from one local IP to an internet IP?

Or is there some reason why this is a bad idea?

Thanks,
Kevin
Top
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 884
Joined: Mon Apr 10, 2006 3:38 am

Re: Limiting user connections to a single host

Tue Aug 21, 2007 12:05 pm

----
Hai,... :wink:
yes, you can add rule like this and put on top rule.
Code: Select all
/ip fire filt add chain=forward prot=tcp tcp-flag=syn connection-limit=6,32 acti=drop
it mean 6th connection will drop.

regards
Hasbullah.com
----
I'm having problems with bandwidth-hogging users on our satellite internet connection.

The current biggest issue seems to be people using "download accelerators". Some component in the system (probably the V-SAT modem) seems to share bandwidth equally between all connections. So if you're using a download accelerator (opening lots of connections) you get all the bandwidth and everyone else starves.

Our acceptable usage policy forbids the use of download accelerators but I'm getting fed up of going round checking users' PCs and uninstalling them.

I can see that it's possible to limit connections per IP address, but I'm worried this might cause problems for innocent users.

So, is it possible to just limit the number of connections each IP address on our network can make to a single internet IP? For example, if our user 192.168.0.71 is trying to open 20 connections to 208.65.153.253 can we limit it to 5 connections?

What would be a good limit for the number of connections from one local IP to an internet IP?

Or is there some reason why this is a bad idea?

Thanks,
Kevin
Top
 
kevin_i_orourke
just joined
Topic Author
Posts: 21
Joined: Mon Aug 21, 2006 12:51 pm
Location: Kaduna, Nigeria

Re: Limiting user connections to a single host

Tue Aug 21, 2007 12:21 pm

----
Hai,... :wink:
yes, you can add rule like this and put on top rule.
Code: Select all
/ip fire filt add chain=forward prot=tcp tcp-flag=syn connection-limit=6,32 acti=drop
it mean 6th connection will drop.
Thanks for the reply.

Doesn't that just mean that each local IP address only gets allowed 5 connections total, I was wanting to limit it so that they could have (for example) 5 connections to one internet IP, 5 connections to another, ...

Is this possible?
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 88 guests
  4. RouterOS
  5. General