Limit maximum TCP connections for NAT connection

Discussion in 'Linux Networking' started by Frank, Aug 23, 2006.

  1. Frank

    Frank Guest

    Hi,

    How can I limit the number of TCP connections that can be served per NAT
    (masquerade) host?
    Some individuals on our network tend to p2p like hell.


    Regards,


    Frank
     
    Frank, Aug 23, 2006
    #1

  2. Frank

    buck Guest

    Probably what you want is a combination of MATCH RECENT and CONNLIMIT
    in the FORWARD chain of iptables. In comp.os.linux.security you will
    find much about limiting SSH and the same applies for any service or
    connection. However, with p2p you can't select by port, so you may
    need to look into Layer 7 methods that track p2p.

    I use RECENT and CONNLIMIT for FTP, SSH and SMTP but not HTTP because
    limiting HTTP causes Apache to fill my logs with 408 timeout messages.
    I just DROP file sharing packets because that's "play" and company
    policy is to allow only business use of its net connection.
     
    buck, Aug 23, 2006
    #2
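A concrete FORWARD-chain ruleset of the kind buck describes, added here as an example (it is not code from the thread): a per-host cap with the connlimit match, plus the recent match as a short penalty box for hosts that hit the cap. The interface names, LAN subnet, cap and penalty window are assumed values.

```shell
#!/bin/sh
# Added example, not from the thread. Caps simultaneous outbound TCP
# connections per masqueraded LAN host. Assumed values: LAN on eth1 as
# 192.168.1.0/24, WAN on eth0, 50 connections per host, 60 s penalty.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
MAX_CONN="${MAX_CONN:-50}"
PENALTY="${PENALTY:-60}"

# Prints the iptables commands, one per line, so they can be reviewed
# before being applied. FORWARD still sees the pre-NAT source address
# (MASQUERADE runs later, in POSTROUTING), so per-host counting works.
rules() {
    cat <<EOF
iptables -N NAT_LIMIT 2>/dev/null || true
iptables -F NAT_LIMIT
# Hosts flagged within the last $PENALTY s: drop their new connections outright.
iptables -A NAT_LIMIT -m recent --name natlimit --rcheck --seconds $PENALTY -j DROP
# Host above the cap: flag it (recent --set) and log at a bounded rate.
iptables -A NAT_LIMIT -m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 -m recent --name natlimit --set -m limit --limit 6/min -j LOG --log-prefix "NAT_LIMIT: "
# ...then refuse it; tcp-reset fails the client fast instead of letting it time out.
iptables -A NAT_LIMIT -m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables -A NAT_LIMIT -j RETURN
# Hook: only new outbound TCP SYNs from LAN hosts pass through the limiter.
iptables -I FORWARD 1 -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --syn -j NAT_LIMIT
EOF
}

# Default is a dry run that prints the rules; APPLY=1 feeds them to the shell.
if [ "${APPLY:-0}" = "1" ]; then rules | sh -e; else rules; fi
```

The cap only covers TCP, which is what the question asks about; clients that fall back to UDP need a separate rule, and the "NAT_LIMIT:" log prefix lets you see which hosts hit the cap before deciding whether to tighten it.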
