I have a slow internet bandwidth (1024 KBITS/S) to share between 30 users. To control the traffic, I have set up a basic proxy server with iptables. Logs and packets captured with tcpdump show that there are a lot of connections per IP. So I want to limit HTTP connections by adding this line:

% iptables -A INPUT -p tcp --syn --dport 80 -d !$SQUID_SERVER \
         -m connlimit --connlimit-above 5 -j REJECT --reject-with tcp-reset

then I test it with :

% netstat -nt | cut -c 40- | cut -d: -f1 | sort | uniq -c | sort -n

and this does not seem to be working:

  3          10.2.13.32
  3          10.2.13.91
  4          10.2.13.37
  5          31.13.72.55
  **6**          90.84.59.72
  **8**          10.2.13.249
  1          108.160.161.158
  1          199.7.52.72
  1          208.53.158.108
 **14**          10.2.13.80
 **19**          10.2.13.79
  2          178.255.83.1
slm
  • You seem to be including connections in all states, try only counting ESTABLISHED connections by adding `| grep ESTABLISHED` after `netstat -nt`. – mgorven Feb 08 '13 at 22:36

2 Answers

Are you sure these connections are not directed to squid and permitted by the rule -d !$SQUID_SERVER?

Please better paste full lines.

Brigo
Sorry for the late answer. I added "-d ! $SQUID_SERVER" to allow requests coming from the proxy server. My goal is to limit the number of websites loaded per IP or MAC address.

netstat -nt | grep ESTABLISHED | cut -c 40- | cut -d: -f1 | sort | uniq -c | sort -n

  1          10.2.13.92
  1          107.21.36.27
  1          108.160.160.165
  1          173.194.39.24
  1          173.194.69.102
  1          173.254.28.70
  1          192.168.1.3
  1          199.47.218.151
  1          199.47.219.149
  1          213.154.65.67
  1          23.23.143.97
  1          31.7.61.11
  1          64.4.34.40
  1          64.4.61.44
  1          69.25.24.23
  1          80.190.166.100
  1          90.84.50.154
  1          90.84.50.161
  1          90.84.50.168
  1          90.84.50.177
  1          90.84.53.41
  2          10.2.13.71
  2          10.2.13.75
  2          10.2.13.82
  2          10.2.13.91
  2          108.160.160.159
  2          173.194.69.156
  2          87.248.105.221
  2          90.84.50.187
  3          173.194.69.113
  4          173.194.69.132
  5          10.2.13.227
  5          10.2.13.229
  6          213.186.33.17
 13          10.2.13.228
 15          10.2.13.89
 30          10.2.13.78
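The counting pipeline used in the question and in the follow-up above relies on a fixed column offset (`cut -c 40-`) and, on a proxy, mixes client-to-proxy connections with proxy-to-website connections. The script below is an added example, not code from either poster: it counts ESTABLISHED connections per remote host by splitting on the last ':' (so IPv6 entries and column drift do not break it), optionally restricts the count to connections on a given local port (assumed proxy port 3128) so only client connections are counted, and flags hosts above a limit the way `--connlimit-above` would. The `netstat -nt` sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original question or answers): count ESTABLISHED
# TCP connections per remote host from `netstat -nt` output, splitting on the
# last ':' instead of using the fixed `cut -c 40-` offset, so column drift and
# IPv6 addresses do not break the count. Optional argument: only count rows
# whose local port matches (e.g. the proxy port), so client->proxy connections
# are not mixed with proxy->web-server connections.
count_established() {
  awk -v port="$1" '
    $NF == "ESTABLISHED" {
      if (port != "" && $4 !~ (":" port "$")) next
      n = split($5, a, ":")
      host = a[1]
      for (i = 2; i < n; i++) host = host ":" a[i]   # re-join IPv6 pieces
      c[host]++
    }
    END { for (h in c) print c[h], h }' | LC_ALL=C sort -k1,1n -k2
}

# Print hosts whose ESTABLISHED count exceeds LIMIT (mirrors --connlimit-above).
over_limit() {
  limit="$1"; shift
  count_established "$@" | awk -v limit="$limit" '$1 > limit { print $2 }'
}

# Constructed sample of `netstat -nt` output; assumed proxy port is 3128.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.3:3128        10.2.13.78:51234        ESTABLISHED
tcp        0      0 192.168.1.3:3128        10.2.13.78:51235        ESTABLISHED
tcp        0      0 192.168.1.3:3128        10.2.13.78:51236        ESTABLISHED
tcp        0      0 192.168.1.3:3128        10.2.13.78:51237        TIME_WAIT
tcp        0      0 192.168.1.3:3128        10.2.13.91:40001        ESTABLISHED
tcp        0      0 192.168.1.3:45678       173.194.69.113:80       ESTABLISHED
tcp        0      0 192.168.1.3:45679       173.194.69.113:80       ESTABLISHED
tcp6       0      0 ::1:3128                ::1:50000               ESTABLISHED'

# Per-client counts on the proxy port, then clients above the limit of 2.
printf '%s\n' "$SAMPLE" | count_established 3128
printf '%s\n' "$SAMPLE" | over_limit 2 3128
```

On a live system replace the constructed sample with `netstat -nt | count_established 3128`.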