Suggestion on limit TCP syn

Hi folks,

I would like to hear your experience on limiting TCP SYN.
Currently I have limited each address to 16 TCP SYN, but I have doubts whether this is enough for users not to experience difficulties opening web pages.

Thx and cheers…

In reality it varies depending on what browser is used and whether the user has tweaked their system.

16 probably is too little but you will have to experiment.

I found 50 - 70 to be realistic.

Sorry, it’s off topic!! But how do you limit the TCP SYN? Thanks in advance :slight_smile:

Well, I found 16 working well: if a user wants to open 2 websites at the same time it’s OK, but if they use p2p they can’t browse, which is actually great :smiley:
I am wondering what’s going on with online gaming?
Anyhow, I was thinking to give them maybe 20 not more. 50-70 per user can kill my AP performance :open_mouth:
Thx…

@maroon
To allow not more than 16 concurrent connections from each particular IP address, you can use this rule:

/ip firewall rule forward add protocol=tcp tcp-options=syn-only connection-limit=17 action=drop

Cheers…

Have you checked out all websites? I found some would give trouble but most OK.

I guess you could just wait and see if the phone rings :slight_smile:

Users with routers (if you allow that) might see more trouble so watch out.

I have checked more than a hundred sites and each one is working. There were problems opening a few sites at the same time, but to be honest, I don’t care. If users don’t like opening site by site instead of 10 at the same time, they should simply buy some other service. This is wireless. I have ~40 users per AP and can’t afford packets :slight_smile:

Cheers…

Not quite done. Some 100.000 still left to check…

:smiley: Sorry, couldn’t resist…