conchalnet
Member Candidate
Topic Author
Posts: 274
Joined: Thu Nov 03, 2005 1:44 pm
Location: Brazil

limit connection per IP

Mon Nov 14, 2005 11:34 am

Hi all,

I'm trying to limit the max connections per host on my network but I don't know if I'm doing it right.

I got the rule below on the forum (http://forum.mikrotik.com/viewtopic.php ... tion+limit ):

/ip firewall filter add action=drop connection-limit=5,32 protocol=tcp tcp-flags=syn chain=forward

This rule has some packets and bytes in the statistics, but if I go to the connections tab in WinBox (IP-FIREWALL-CONNECTIONS TAB) I can count more than 5 TCP connections per host :(.

How can I limit the connections on my network??? I want each client connected to my MikroTik AP to be able to open 10 simultaneous connections.

Thanks in advance.

Fabrício Fadel Kammer
 
sergejs
MikroTik Support
Posts: 6619
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Mon Nov 14, 2005 12:31 pm

Then you have to change 5 to 11 for 10 connections (11,32).
Clear the information in the connection table.

Do not forget, the given rule limits new TCP connections.
 
conchalnet
Member Candidate
Topic Author
Posts: 274
Joined: Thu Nov 03, 2005 1:44 pm
Location: Brazil

Mon Nov 14, 2005 4:55 pm

I think that doesn't work, because I can see an IP with about 100 connections open in the connection table.

How can I prevent this??? I want the same IP to have a maximum of 10 connections open at the same time.

Thanks
 
maxfava
Member Candidate
Posts: 219
Joined: Mon Oct 17, 2005 12:30 am

SYN how to but...

Mon Jan 16, 2006 7:34 pm

Regarding the maximum number opened by a client, which can be called a SYN attack: I'm asking, but how does our Internet service provider manage this issue or state?

Because I am monitoring the number of connections on my ADSL line and it supports up to 1700 connections/sec.
But on my internal net I must reduce it to 70-80 to not have SYN attack detection.

:roll:

Is there someone who knows?

Ciao
 
Hugh Hartman
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Mon Jan 16, 2006 8:27 pm

conchalnet
Are all the connections TCP or is there some UDP mixed in?
 
sroa
just joined
Posts: 14
Joined: Mon Dec 19, 2005 10:09 pm
Location: Puebla Mexico

Fri Jan 27, 2006 7:53 pm

Hello, I was having the same problem, but if you check the user's manual, when you see CONNECTIONS in firewall it reports connections from hours ago (or days), and especially the TCP connections are kept for days even if the client has been disconnected. Why don't you try to monitor one client IP with Torch in WinBox? You will see that connlimit is working.
 
djape
Member
Posts: 469
Joined: Sat Nov 06, 2004 7:54 pm
Location: Serbia

Fri Jan 27, 2006 8:00 pm

Just go to connection tracking and reduce Established TCP connections from 5 days to 1 hour. It works great for me...
I drink like a pirate and smoke like a hippie...
 
ns-c0de
just joined
Posts: 17
Joined: Sun Jun 26, 2005 11:58 pm
Location: Serbia

Mon May 08, 2006 11:15 pm

But doesn't that just reduce the time Tik tracks the connection? What happens to connections that ARE still established, but are not currently active (for example somebody on a p2p queue)?
/world people war enable no
