Server :: IPtables And TC To Limit Network Speed
May 14, 2010
I am trying to limit bandwidth of certain ip addresses on my server. I have been doing hours of reading and not getting very far... So far I believe the iptables command is
ptables -A PREROUTING -s 178.33.23.44 -t mangle -j MARK --set-mark 2
ptables -A PREROUTING -s 178.33.23.45 -t mangle -j MARK --set-mark 2
ptables -A PREROUTING -s 178.33.23.46 -t mangle -j MARK --set-mark 2
ptables -A PREROUTING -s 178.33.23.47 -t mangle -j MARK --set-mark 2
and now I just need the tc command to read those marks and limit bandwidth, I have a gigabit connection and would like to limit each of these ip addresses to 10mbit in and out.
View 2 Replies
ADVERTISEMENT
May 3, 2011
How to limit network speed? Is there any apps in Centos can do that?
View 1 Replies
View Related
May 10, 2011
I have a linux debian on a network connected to a router through a ethernet cord. My linux is hogging the network speed and the users of the other computers on the network aren't very happy. Is there a way to limit the download speed on only my computer?
View 1 Replies
View Related
May 9, 2011
I have this new flatmate who uses all my Internet data up before the end of my monthly clockover. Instead of having to buy heaps of data top-ups at the end of the month, is there a way I can limit the speed of his computer through the network? I have tried looking through my router settings (which is a Thomson router) but there doesn't seem to be any options in regards to limiting activity of a system on the network.
View 3 Replies
View Related
Feb 24, 2010
I have a linux firewall. I want to limit a ssh connection number from local network to internet .
Example :
Internal pc (192.168.0.10) start a ssh scan to the external (internet) host.
I want that iptables limit that host (192.168.0.10) and block ssh connection from this host at 3 attempt.
View 2 Replies
View Related
Dec 27, 2010
Does anyone know a simple out of the box option to limit traffic by IP with iptables? Output to each connected IP should be limited to to 1.5Mbps but I don;t want to limit incoming connections from the web. Ideally something with a tutorial because the LARC papers and stuff are impossible to read. For example, the user connects by VPN and requests the webpage [URL]. This should be sent to them at 1.5Mbs but if user 2 connects to [URL], this should also be sent at 1.5Mbps but the incoming ..... connection needs to be allowed to be unlimited to prevent incoming throttling..
View 3 Replies
View Related
Sep 30, 2010
I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just cant get it to work:[URL]I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --setI get the following:Bad argument --set'I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.
View 6 Replies
View Related
Dec 23, 2010
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I wont get into here. Here's the output from iptables -vnL
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
View 10 Replies
View Related
Jun 13, 2010
My DVD player attached to my TV is picky. Burn CD's (with avi files) at 8X and it plays them. 16X and it complains about bad disk. Every time. In karmic, I can only get cdrecord to burn at 16x.
Here's the command:
cdrecord -dev=/dev/scd0 -speed=8 -dao -pad -v something.iso
And it burns at 16x instead of 8x. Command issued with root privilege. Identical hardware under CentOS 5.x and it burns at 8x, like I asked it to. I'm all SATA if it matters. What do I need to do to get the version of cdrecord with karmic to burn a data CD at 8x? For whatever reason, CDs burned at 16x just don't work in the DVD player attached to my TV.
View 1 Replies
View Related
Jun 15, 2010
There is a ps3 in my house which i play with an online connection, i also download alot of stuff. so i want to limit the upload speed of the ps3 to give my downloads more speed. i have verizon fios.
View 3 Replies
View Related
Mar 20, 2011
We (3) have download limit problems with a 50G/month limit (Inc uploads). The router I cannot change, and it offers no useful options. So I am considering using IP forwarding from my own box. I think I would need a second nic, & router. Eth0 would run a dchp server, eth1 would run a client. What do I run on the box to monitor downloads & uploads, and is there a way of adding pc & laptop downloads to limit luser downloads? Does this stuff strangle speed? I'm running slackware-13.1
View 3 Replies
View Related
Jan 21, 2011
Me and my friend are using the same internet, sometimes he downloads something or watches a movie online. When he does that my internet connection becomes very weak. So is there any way to put limit on his computer? Like only 30kb/s
View 2 Replies
View Related
Jan 22, 2010
I use vsftpd. I would like to know if there is a way to limit the upload speed. Only the upload speed so the "anon_max_rate" and "local_max_rate" don't do the job. Someone told me about the trickle but I expected a more recent application.
View 1 Replies
View Related
Feb 3, 2010
It sounds weird but on Linux I can't find a browser that allows to set a download speed limit. I found an extension for Firefox but it works only on Windows. I know the existence of download managers like d4x, wget, jdownloader, etc... but some downloads can only be done by browser. I know trickle too but if I want to change the speed limit I have to 'restart' the command (interrupting the current download). Then I didn't find an extension for Chromium.
View 9 Replies
View Related
Mar 16, 2010
Is there a way to limit the speed that apache will send a page to a specific computer in my LAN? I would like to be able to test what my pages would be like if they loaded at 25KB/s for example. My Server is 192.168.0.2 and the other 'browser' computer is 192.168.0.4.
View 3 Replies
View Related
Mar 29, 2011
I need a program that will limit download speed per connection. So that each download is limited to 100kbit/s for e,g. I tried trickled, it only limits whole application (and doesn't work with firefox). Also tried pyshaper, doesn't work. Is there such software?
View 1 Replies
View Related
Jan 4, 2010
In my household a number of people use the internet. Up to a maximum of 3 wired connections and 2 wireless connections at its peak, all connection through my D-LINK G604T router. The problem is, when one person is downloading or watching ..... or whatever, the others using the internet suffer. I've spent hours configuring QoS on my router, and long story short, no matter how I configure it, it just simply does not work. QoS in no way shape or form limits connection speed (which it says it should). Anyway.
I have a spare computer under my desk, and I'd like to know if I could set this up with a (free) linux distro that limits bandwidth speed per connection. For example, of the 1500 kb/ps (about) my modem pulls, is there a way to limit that to 768 or 512 per connection? so person A can still download, person B can still watch ....., and person C can still play counterstrike with a latency under 100. This would solve many, many arguments in my house I am *fairly* good with computers, but if the distro came with documentation and a GUI that would be awesome.
* TL;DR: *
Is there a linux distro I can load on a spare computer that limits bandwidth per connection, wireless or otherwise, with good documentation?
Failing that is there firmware I can use for my modem (dlink g604t) that would do the same?
Failing that do you know of any good hitmen that would solve my family arguments, ahem, permanently?
View 6 Replies
View Related
Apr 8, 2010
I'm a newbie in the world of netfilter/iptables. I've read an article about iptables and rate limit module:
Code: iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT The firewall will let the first 5 packets in in the first minute, -limit-burst 5; this means, however, that the packets/minute now is 5, so any further packets are blocked until packets/minute = 1, i.e. 5 minutes later. In the sixth minute, packets/minute will be 5/6 < 1, so another ping request will be let in. When the extra ping request is admitted, the ratio becomes 6/6 = 1 again, and packets are DROPped again until the next minute.
Now I have some problems in understanding how it works.
For example: I want ping google.com in this way: the kernel firewall permits to send the first 5 packet to google.com (--limit-burst 5) and then it blocks the remaining packets for 5 minutes. At sixth minute (because I wish a limit rate equal to 1/minute: --limit 1/minute) one packet can send to google again. And so on.
So my rule should be:
Code: iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT In this way, if i digit
Code: ping -f url_of_gogle I expect that the first 5 packets are accepted (and so zero '.' will print on the screen) and then for the remaining 5 minutes no one packets will be accepted (and so a long string of '.' will print). But it doesn't work...
In man pages of ping we read (about -f option):
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.
View 2 Replies
View Related
Dec 18, 2010
I have an external sata dock for hdd that give me a lot of error till linux decided to lower the speed of it to 1.5 then it start work well
View 2 Replies
View Related
May 15, 2010
I got a dedicated server ; datacenter told me that I have a 1000 Mbps Public & Private Networks uplink/downlink . How can I check from console if they are saying the true ?
Also , how can I get info about the server network card from console ?
View 1 Replies
View Related
May 12, 2010
I have a VPS server with 512 MB memory. The php.ini is set so script memory limit = 16 MB. However, I have noticed in my top report, instances like the following:
Quote:
5484 coldclim 25 0 46476 32m 5920 R 0.0 6.4 0:00.93 php
The bold number of 6.4 is the % of sever memory this process is using. 6.4 % of 512 MB of memory is about 32 MB of memory, so it appears that this isn't being limited by php.ini. Am I correct? This leads to the next question: Is there some way to limit the amount of memory a single suphp process can use? (Basically, something like the setting in php.ini which limits suphp processes in the same way.)
View 2 Replies
View Related
May 14, 2011
I'm trying to limit the number of the ICMP packets reaching my server, so I'm using the limit module of iptables, unfortunately it seems the limit I set is totally ignored as I can easily send tens of ICMP packets and get a reply in less than 0.3 second Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x 20 packets transmitted, 20 received, 0% packet loss, time 230ms
rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms This is the rule I'm using to accept ICMP packets (default setting is DROP)
Code:
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT
And these are the kernel modules related to iptables
Code:
Module Size Used by
xt_limit 1382 0
[Code]...
View 5 Replies
View Related
Jan 11, 2011
I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:
IMAP
pop.server.com
smtp.server.com
Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.
View 4 Replies
View Related
Apr 5, 2011
Can I, with only the use of IPTABLES, limit the incoming bandwith for a protocol? We have for example servers that have a FTP and HTTP server running and whenever HTTP has a lot of connections open, the other uploads/downloads get a timeout. I know I can limit the number of connections but prefer to limit on protocol level. Is this possible using IPTABLES and if so, can someone indicate how to proceed or provide a link? If it's not possible can someone point me to the right tool for the job?
View 6 Replies
View Related
Jul 28, 2010
I have a PC that is using Ubuntu Karmic. It serves only to download stuff, and is on 24-7.
Can I set a limit to download speed for Deluge and aMule throughout the day (so that it doesnt interfere with other network stuff) but unlimited during the night? (when we are all sleeping)
View 3 Replies
View Related
Jan 13, 2010
I have just formated and did a fresh install to start all over. I installed Ubuntu 9.1 and everything went fine but the network. The computer serve as a NAS and MediaPlayer. When getting a file from the server, I get a speed of 40-60mb/sec, which are good for a Gigabit network. When I try to put a file in, the speed can't pass more than 1mb/sec and often stop.
Here's the network info:
Code:
vric@XBMC:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:24:8c:a1:eb:55
inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::224:8cff:fea1:eb55/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[code]...
Edit: Looks like it's a Gigabit Problem. I connected the Ubuntu box to my Linksys router which is 10/100 and everything is MUCH faster.
View 2 Replies
View Related
Mar 12, 2010
I have the problems with transfer speed between samba and Windows XP clients.
Samba server configuration:
Quad Core 6600 CPU.
4 Gb RAM
OpenSUSE 11.2 with kernel "2.6.31.12-0.1-desktop"
Samba - samba-3.5.1-1.1.i586
Test: 4 GB File copying. One file.
Transfer speed from Samba Server to Windows 7 and XP clients:
(Windows clients copy file from Server share -> to local drive)
From Server to Windows 7 client 1:
85-90 Mb/sec
From Server to Windows 7 client 2:
90-100 Mb/sec
From Server to XP1 client 3
75-100 Mb/sec
Transfer speed from Windows 7 and XP clients TO Samba Server:
(client copy file from local drive -> to server Share)
From Server to Windows 7 client 1:
12-20 Mb/sec
From Server to Windows 7 client 2:
30-35 Mb/sec
From Server to Windows XP client 1
20-27 Mb/sec
(Copying file from Windows local drive to Windows remote share)
From Window 7 client 1 TO Windows XP client 1
40-50 Mb/sec
From Window 7 client 2 TO Windows XP client 1
50-60 Mb/sec
Copying file from Windows 7 client 2 share -> TO Windows XP client 1 show me 100-120 Mb/sec speed permanent.
Copying file from Linux hosts to NFS server is stable 50-90
Mb/sec bidirectional.
This part of my smb.conf file
Code:
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2009-10-27
[global]
log level = 1
debug level = 0
max log size = 50 .....
I have very slow write speed when copying file from Windows clients to Samba Share. Samba speed is slower than Windows native clients connections ?
View 9 Replies
View Related
Apr 8, 2010
I am just checking in I know a lil about linux looking to learn more I know forums are the best way to go. I recently installed centos 5.3 on a machine we are going to be using as a squid server. Just a couple quick ?s and just wanted to pick your alls brains. What I am trying to do with the server is use it for caching to speed up our network t but I don't want to go around to all the our customers to setup their browser for proxy. What all is involved with making this server completely transparent. So the end user will does not need to enter in proxy information.
View 3 Replies
View Related
Sep 17, 2010
I'd like to use tc and iptables to restrict the download speed. I understand this is know as policing. Are there some resources I could use to learn how to do this? I want to restrict on a per ip basis.
View 1 Replies
View Related
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
View 3 Replies
View Related
