Gentoo Forums
connlimit: Easy Question
ZeuZ_NG
Guru
Joined: 10 Sep 2008
Posts: 453
Location: Near /dev/urandom | /dev/null

Posted: Sun May 17, 2009 12:58 am    Post subject: connlimit: Easy Question

Hey all, I'm back with yet another problem...
I've been away from connlimit for a while, so I kind of forgot what the syntax looked like...
Thing is, a script that was PREVIOUSLY working is not working anymore...

I'll just post an example and what I intended to do with it, explaining the environment so that anybody can look into what might be happening:
Environment: Local Area Network, mixed OS stations, going in to the gateway (which acts only as that, a gateway with traffic shaping abilities) and going out to the next hop through another simple interface.
125 stations, 1.5mbps download, 750kbps upload.

I've been using htb-gen for a while, and a while ago I built a little solution based on the htb-gen script (to add per-client prio ports, which in fact has by now been implemented in the latest HTB-GEN version too; still, as the solution works fine, I'm keeping it).
I was using connlimit to enhance QoS, limiting each client to a given number of connections, specified in the "clientes" file.

The rule which is now troubling me is this one:
-A FORWARD -s $Cliente -p tcp -m connlimit --connlimit-above $con_definidas -j REJECT --reject-with tcp-reset
As you can see, it's a pretty standard example that can be found in a lot of places.
It aims at limiting the $Cliente loaded in the row to a given number of connections ($con_definidas) to the outside world. If the client has gone over it, the rule rejects further connections by sending a tcp-reset, until there is some free "room to spare". This would allow me to limit simultaneous connections from each client in the defined file to the outside (and the LAN, too).
Unluckily, for some weird reason, it's now throwing an "Invalid argument" error for each client in the clientes file.

Am I really, really blind? Or has something related to connlimit changed since 2.6.18 which involves the syntax?

Also, I'm wondering what to do with UDP, since by the time I receive the packets, they've already taken some of my bandwidth...

I was looking into using ipp2p to attack these issues, since most of it is related to P2P applications...

Any advice?
_________________
| Intel Core i7 920. | Intel DX58SO Extreme. |
| 8gb DDR3 1666mHz | 1TB 7200 RPM WD HDD.|
Unix´s guru view of sex:
unzip ; strip ; touch ; grep ; finger ; \
mount ; fsck ; more ; yes ; umount ; sleep.
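
An added example, not part of the original post: one way to generate the per-client rule quoted above from a client list, skipping rows that would expand to a malformed rule. The two-column "address limit" row layout, the function names and the sample addresses are assumptions; the post does not show the real "clientes" file.

```shell
#!/bin/sh
# Added example (not the poster's script): emit the post's connlimit rule
# for each row of a client list read on stdin.
# Assumed, hypothetical row layout: "<IPv4 address> <max connections>".

gen_connlimit_rules() {
    lineno=0
    while read -r Cliente con_definidas || [ -n "$Cliente" ]; do
        lineno=$((lineno + 1))
        # Skip blank lines and comment lines.
        case "$Cliente" in
            ''|'#'*) continue ;;
        esac
        # Limit must be a positive decimal integer without leading zeros.
        # An empty or non-numeric value would leave --connlimit-above
        # without a usable argument.
        case "$con_definidas" in
            ''|*[!0-9]*|0*)
                echo "line $lineno: bad limit '$con_definidas' for $Cliente" >&2
                continue ;;
        esac
        # Coarse IPv4 shape check: exactly four dot-separated digit groups
        # (octet ranges are not verified here).
        case "$Cliente" in
            *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) ok=no ;;
            *.*.*.*) ok=yes ;;
            *) ok=no ;;
        esac
        if [ "$ok" != yes ]; then
            echo "line $lineno: bad address '$Cliente'" >&2
            continue
        fi
        printf '%s\n' "-A FORWARD -s $Cliente -p tcp -m connlimit --connlimit-above $con_definidas -j REJECT --reject-with tcp-reset"
    done
    return 0
}

# Constructed sample rows (not taken from the post).
sample_clientes() {
    cat <<'EOF'
# address        limit
192.168.0.10 40
192.168.0.11
192.168.0.12 abc
192.168.0.300.1 20
192.168.0.13 25
EOF
}

sample_clientes | gen_connlimit_rules
```

Rejected rows are reported on stderr with their line number, so the generated rule set can be reviewed before it is loaded.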