similar to: limit number of connections per ip

Hi, I''m trying to make a shaper / firewall to improve sharing of bandwidth on a ADSL (3mbit down / ½ mbit up) Since the ADSL is very asymmetric, down is unimportant, I make a ingress rate limit shaper to ensure, all shaping is at the Shaper, and not on the Router or the ISP. The Idea is then to make one HTB hierarchy and have each client (IP) filtererd and put in a child-HTB queue.

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

Hi all, I have been trying to investigate traffic shaping in an effort to solve the "unfriendly network apps" problem on a test network. I have a basis by which I''d like to shape traffic, but studying the howto doesn''t uncover and existing qdisc that seems to fit what I would like to do. The problem I would like to address is to prevent an IP address opening 10

Greetings folks, I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module. Is connlimit included by default? I thought it is since performing # iptables -m connlimit --help returns information on connlimit usage along with the general iptables help info: <SNIP> connlimit v1.2.11 options: [!]

hi, i try use iptables connlimit, # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j DROP iptables: Unknown error 4294967295 where is problem ? thanks # rpm -qa | grep iptables iptables-1.3.5-4.el5 # uname -a Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686 i686 i386 GNU/Linux

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

I am trying to get the x86_64 isos of CentOS-5.2. I wish to use bittorrent. The last time that I did this I required the bittorent package from Dag's repository. I have configured /etc/yum.repos.d/DagWieers.repo thus: [dag] name=Dag Wieers RPM Repository for Red Hat Enterprise Linux #Also see URL http://dag.wieers.com/home-made/apt/

Hi, I have many example of HTB GUI . All is already well developed, which discussed in this link. However, can anyone teach me what software to use to build a own web based GUI HTB software in Fedoracore ( Linux based) ? Thanks Regards Alan _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl

Dear R-help, I have started using R on my Linux box (Debian), and I have some problems with setting the editor/keyboard for R. The For instance, arrow-up gives "^[[A", and delete gives "^H". I have a Norwegian keyboard, but that doesn't cause any problems for editors like emacs. Could you advice me on how I can set the editor for R right? I have tried

Would someone please explain to me the difference in effect between the following two IPTABLES conditions and the significance thereof in concurrent connection limiting? --tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \ --connlimit-above 3 --connlimit-mask 32 --state NEW -j REJECT \ --connlimit-above 3 --connlimit-mask 32 -- *** e-Mail is NOT a SECURE channel *** Do

Hello, I haven''t been keeping up with sending ESFQ [ANNOUNCE] messages to this list, but I''ve still been working on the patch. If you''re curious about recent changes, take a look at the home page, ChangeLog, and README: http://fatooh.org/esfq-2.6/ http://fatooh.org/esfq-2.6/current/ChangeLog http://fatooh.org/esfq-2.6/current/README Meanwhile, I''m interested

Hi everyone, I see that shorewall has "ratelimit" but i''m interested in deny conexions by number of them, not by number/sec. Is connlimit feature supported by shorewall? Or maybe someone have an extraofficial patch for them? Regards, Angel Mieres ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT

Hi If I have a HTB class with 128kbit, and I want to put "N" users in that class ( in order to share bandwidth fairly ) , which is better for me ? esfq (hash dst) or wrr ? I would attach esfq or wrr to HTB parent class. Also I''ve readed on Jim script that over WRR put a RED qdisc, but I don''t understand it. bests andres

Hi there, i am trying to shape a network for a college dorms... INTERNET---- ETH0--------Nat Box-------ETH1--------LAN I have set up classes of traffic (HTTP, FTP, MAIL, IM, OTHER) and i have assigned a rate for everyone with a HTB qdisc. The limit based in traffic is working flawlessly. However, under every HTB class i have set up a ESFQ queue discipline with hash value set to

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=467 mateusz@kaduk.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From mateusz@kaduk.net 2006-10-01

Hello! I am using since yesterday ESFQ instead of N HTB queues. It mostly works OK, but when somebody is using one single sesion (for example downloading file via FTP), it gets weird speed. For example it is 20 kilobytes pres second, then drops down to 9, then 20 again, and then slowly to 0 and stops. But when using download accelererator of some kind or bittorrent client which uses many

Hi I have a small lan (10.0.0.0/8) behind my linux box. I use MASQUERADE to allow users connects to internet. I set up an esfq qdisc for outgoing traffic. And there is a little question. Does source hash type in esfq recognize NATed local ip''s? -- Pozdrawiam Marcin mailto:slacklist@op.pl _______________________________________________ LARTC mailing

http://fatooh.org/esfq-2.6/ http://fatooh.org/esfq-2.6/esfq-2.6.12-rc1.tar.gz This version no longer interferes with the original SFQ; unlike previous versions, you can still use an unpatched tc with SFQ. Patching tc is still needed for ESFQ, though. I''ve tested this patch with Linux 2.6.11 as well. Please tell me if you have any problems. I''m subscribed to lartc again. -Corey

Hello again, I have a router/nat linux box. I managed to create some HTB classes and everything is OK. When perople are usig download managers like FlashGet and DAP (multiple connection ones), the ceil limiting works okay, but the rate parameter is somehow useles... The guaranteed bandwidth is never reached. So what can I do to limit the number of connections/computer? I want to make sure that