Limiting Maximum Connections Per Client on Client Side

giganet · June 13, 2008, 1:41am

Hello group I have been working on limiting the maximum number of connections a client device can make and not having much luck so far.

What I have at this point I will post below, if anyone has input on where I may be in error would be greatly appreciated.

114   ;;; LIMIT 100 CONNECTIONS WLAN
     chain=forward action=drop tcp-flags=syn src-address=172.16.5.0/24 
     protocol=tcp packet-mark=all connection-limit=100,32 

115   ;;; LIMIT 100 CONNECTIONS LAN
     chain=forward action=drop tcp-flags=syn src-address=192.168.100.0/24 
     protocol=tcp packet-mark=all connection-limit=100,32

I have tried placing these rules at the top and bottom of in ‘ip firewall filter’, yet the counter never moves and my trunk interceptor continues to inform me of clients exceeding a 157 connections.

FYI: I am running masquerade between ether1 and wlan1.

Thank you
Regards

giganet · June 14, 2008, 9:32pm

Is it possible that anyone knows an actual URL at the MT Wiki regarding limiting the number of connections?
I have gone to the Wiki and searched using numerous search terms all coming up empty handed each time.

It would be most appreciated.

Regards

hulk-bd · June 15, 2008, 10:49am

just try with no packet-mark, maybe it’ll help

giganet · June 16, 2008, 7:46pm

Thanks hulk-bd

I have tried limiting connections with and without packet-mark always netting the same result, no limitation.

Have you got any working filter rules that you could post as a sample?

Thanks for your time

Regards