LIMITING CONNECTIONS

Hi all

Like many of you, we have a rather annoying problem with clients using various P2P programs to download movies and so on.
We have set up queues so that P2P is limited to very little but I find that the upload speed of some clients is still fairly high and the number of connections is also very high.

My question is: is it possible to limit the number of connections per client? If so, could anybody tell me how?

All our clients' TX and RX rates are already limited.

Thanks

David

You can limit the number of TCP connections, but you need to be careful: a p2p client can generate a lot of connections, and other traffic (HTTP, etc.) might not work correctly.

26 X ;;; drop more than 50 connections per IP
/ip firewall filter> add chain=forward protocol=tcp connection-limit=50,32 action=drop

You can limit your clients by limiting the number of connections in a forward filter rule.

Add the following rule (suppose you want to allow 6 connections for an IP):

/ip firewall filter add chain=forward src-address=<client-ip> protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

Hi All!

I've tested the example above on 18 of 18 of my routers (mainly RB532 and 112), and it seems to work as follows:

  • the packets are dropped correctly (max. e.g. 20 connections)
  • after 3-4 days the complete connection is dropped.

It means that, e.g., there is no DNS service available for the client: ping goes out to the world, but http://www.mikrotik.com cannot be displayed in the web browser, only if he types the IP address.

Regards

Zsolt

And did you check that in conntrack? Does it show that there are no connections?

When I limit the number of connections I do it only for ports >1024.
Of course there is always someone who will try to download an ISO image with 100 or more simultaneous connections, but that is rare.
And of course it's good that the default value for tcp-established-timeout is 1 day, not 5 days like in other Linux distributions :)
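The following is an added example and not a rule posted by anyone in this thread. It combines the connection-limit rule from the first reply (50,32: more than 50 tracked connections from one /32) with the last reply's practice of only counting ports above 1024, so DNS, HTTP and HTTPS are never affected by the limit, and it only matches new connection attempts so already-established sessions are not cut. The client subnet 192.168.1.0/24, the example host 192.168.1.10 and the threshold of 50 are placeholders chosen for illustration; the log rule before the drop is there so you can see in /log which clients hit the limit before you tune the number.

```routeros
# Added example (not from the thread). Assumptions: clients are in
# 192.168.1.0/24 (placeholder) and 50 parallel high-port TCP connections
# per client is the chosen threshold.
/ip firewall filter

# Log first so hits are visible in /log, then drop the same packets.
# connection-state=new limits only new attempts; existing sessions survive.
# dst-port=1024-65535 leaves DNS (53), HTTP (80) and HTTPS (443) uncounted,
# which is the breakage Zsolt saw when every port was limited.
add chain=forward src-address=192.168.1.0/24 protocol=tcp dst-port=1024-65535 \
    connection-state=new connection-limit=50,32 action=log \
    log-prefix="conn-limit:" comment="log clients over 50 high-port TCP connections"
add chain=forward src-address=192.168.1.0/24 protocol=tcp dst-port=1024-65535 \
    connection-state=new connection-limit=50,32 action=drop \
    comment="drop new high-port TCP connections from clients over the limit"

# Verify how many tracked connections a client really has before tuning:
/ip firewall connection print count-only where src-address~"^192.168.1.10:"
```

Put both rules near the top of the forward chain, before any generic accept rule, and watch the log for a day or two: a threshold that is too low shows up as ordinary clients being logged, while the P2P heavy hitters appear as a steady stream of entries from the same address.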