Community discussions

MikroTik App
  4. RouterOS
  5. General

LIMITING CONNECTIONS

Post Reply
 
VSAT
just joined
Topic Author
Posts: 19
Joined: Sat Oct 21, 2006 9:34 pm

LIMITING CONNECTIONS

Wed Nov 22, 2006 12:04 am

Hi all

like many of you, we have a rather annoying problem with clients using various P2P programs to download movies and so on.
We have set up queues so that P2P is limited to very little but I find that the upload speed of some clients is still fairly high and the number of connections is also very high.

My question is: is it possible to limit the number of connections per client? if so could anybody tell me how?

All our clients TX and RX rates are already limited.

Thanks

David
Top
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:
Contact sergejs

Wed Nov 22, 2006 9:09 am

You can limit numbers of TCP connections, but you need to be careful, that p2p client can generate a lot of connections, and other traffic HTTP, etc. might not work correctly.
Top
 
chnet
just joined
Posts: 8
Joined: Wed Oct 18, 2006 11:52 am

use this and will do what you want

Thu Nov 23, 2006 9:38 am

26 X ;;; drop more than 50 connection /ip
ip firewall filter>

add chain=forward protocol=tcp connection-limit=50,32 action=drop
Top
 
ajmal
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jan 31, 2005 8:38 pm
Location: IN

Re: LIMITING CONNECTIONS

Sun Nov 26, 2006 7:25 pm

Hi all

like many of you, we have a rather annoying problem with clients using various P2P programs to download movies and so on.
We have set up queues so that P2P is limited to very little but I find that the upload speed of some clients is still fairly high and the number of connections is also very high.

My question is: is it possible to limit the number of connections per client? if so could anybody tell me how?

All our clients TX and RX rates are already limited.

Thanks
David


You can limit your clients by making number of connection in filter rule forward

add following rule(suppose u wans to allow 6 connection for an IP)

add source ipaddress protocol tcp tcp-flag=synk connection-limit 6,32 action drop
Top
 
datawlan
newbie
Posts: 29
Joined: Mon Aug 28, 2006 11:15 pm
Contact:
Contact datawlan

seems not OK

Wed Dec 20, 2006 1:03 pm

Hi All!

I've tested the example above, and 18 of 18 of my routers (mainly RB532 and 112), and it seems working as follow:

- the packets are dropped correctly (max. f.e. 20 connections)
- after 3-4 days the complete connection is dropped.

It means that f.re. there is no DNS service available for the client, ping goes out to the world but http://www.mikrotik.com can not be displayed on the WEB, only if he writes IP address.

Regards

Zsolt
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Wed Dec 20, 2006 4:16 pm

and you check in conntrack that? do that show, that there are no connections?
Top
 
sioux
newbie
Posts: 47
Joined: Thu May 25, 2006 10:35 pm
Location: Poland/Tarnów

Thu Dec 21, 2006 9:44 am

when I limiting connections number I do it onlu for ports >1024
of course there is always someone who will try to download an iso image wift 100 or more simultaneous connections but is rare.
and of course it's good that default value for tcp-established-timeout is 1day not like in other linux distributions 5day's :)
Top
Post Reply
  4. RouterOS
  5. General