limit connections to 50 per user

OK guys, I have read the forums and have the following inputted into my router:
chain=forward action=drop tcp-flags=syn src-address=10.5.50.72
protocol=tcp connection-limit=50,32
This works if I assign an IP address, but what I want to do is have it applied to all IP addresses on the network, and I have tried
chain=forward action=drop tcp-flags=syn src-address=10.5.50.72/24 or 10.5.50.72/32
protocol=tcp connection-limit=50,32

But then it limits 50 connections for the whole subnet as a whole and not per user IP.
My question: is there a way to limit each address without specifying each IP address? My goal is to limit the whole subnet to 50 connections per IP address.

Thanks in advance

Nathan Vosburg
http://www.coalinganowire.com
natedogg104@yahoo.com

chain=forward action=drop tcp-flags=syn protocol=tcp src-address=10.5.50.0/24 connection-limit=50,32

Won't that limit the whole range to only 50 connections for the whole range, meaning that if I had 20 IPs in that range they would all share those 50 connections? I want it so that every IP in that range gets 50 connections, meaning if I had 20 users each one would get 50 connections.

The second value (32) in that “connection-limit” property defines the netmask of limitation. In other words, for your setup each of the /32 clients (effectively, each IP) will have the limitation set to 50 connections, which is exactly what you want to achieve.

Tyvm for the response. That explains it.

OK, last question on this one: since my gateway is 10.5.50.1, every person makes a connection to it. How do I exempt it from the 50 connection rule?

Thanks again in advance

Why do they connect to the gateway?

As for the exemption, put an accept rule for that kind of traffic before the connection limit.

I'm running a hotspot service. The IP of the gateway is 10.5.50.1 for the hotspot, DHCP server and proxy server. So I don't want to limit the IP of 10.5.50.1 to 50 connections, but all the other IPs to 50 per IP address. Can you give me an example? I'm thinking of chain=forward action=drop tcp-flags=syn protocol=tcp src-address=10.5.50.0/24 connection-limit=10000,32 or chain=forward action=allow tcp-flags=syn protocol=tcp src-address=10.5.50.1. Which one do you suggest to use?

Any ideas?
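
An added example, not part of the thread and not RouterOS code: a simplified Python model of the two points discussed above, the netmask in connection-limit=50,32 and the accept rule placed before the limit. It assumes connections never close and that a new connection is dropped once its block already holds `limit` connections; the client addresses and attempt counts are constructed.

```python
import ipaddress
from collections import Counter

GATEWAY = "10.5.50.1"
CLIENTS = [f"10.5.50.{n}" for n in range(10, 30)]   # 20 constructed clients
# Constructed load: every client tries 60 connections (round-robin),
# then the gateway address opens 200.
SYNS = [c for _ in range(60) for c in CLIENTS] + [GATEWAY] * 200


def block_of(ip, prefix_len):
    """Address block an IP is counted under for a given limit netmask."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def simulate(syns, limit, prefix_len, subnet="10.5.50.0/24", exempt=()):
    """Replay new-connection attempts through a two-rule model.

    Rule 1 (optional): accept sources listed in `exempt`.
    Rule 2: drop when src is in `subnet` and its block is at the limit.
    Returns (accepted, dropped) counters keyed by source IP.
    """
    net = ipaddress.ip_network(subnet)
    tracked = Counter()                  # open connections per block
    accepted, dropped = Counter(), Counter()
    for src in syns:
        blk = block_of(src, prefix_len)
        limited = src not in exempt and ipaddress.ip_address(src) in net
        if limited and tracked[blk] >= limit:
            dropped[src] += 1            # rule 2 matched: action=drop
            continue
        tracked[blk] += 1                # accepted connections stay tracked
        accepted[src] += 1
    return accepted, dropped


if __name__ == "__main__":
    for prefix in (32, 24):
        acc, drop = simulate(SYNS, 50, prefix, exempt={GATEWAY})
        total = sum(acc[c] for c in CLIENTS)
        print(f"/{prefix}: clients accepted={total}, "
              f"first client={acc[CLIENTS[0]]}, gateway={acc[GATEWAY]}")
    acc, drop = simulate(SYNS, 50, 32)   # no accept rule for the gateway
    print(f"/32 without exemption: gateway accepted={acc[GATEWAY]}, "
          f"dropped={drop[GATEWAY]}")
```

With a /32 netmask each of the 20 clients gets its own 50 connections; with /24 the same 20 clients share 50 between them.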