Ubuntu Networking :: What Exactly Ufw LIMIT Port# Does?
Nov 4, 2010
I need to adjust what exactly ufw LIMIT port# does. I like the fact that the port is getting limited, but ufw overdoes it a bit. Is there a config file somewhere I can edit?
May 20, 2010
I want to put a bandwidth limit on the 8000 port. The limit does not have to be global! It must be per connection! For example if I put a 20kB/s limit on the 8000 port and I have 3 clients connected to the port, I want that each have the 20kB/s. How can I do that? I read something about TC, but I don't know how to use it... I'm a little noobie. Sorry for my bad English.
May 17, 2010
I've searched through the forums and found a few threads that kind of helped, but I'm still pretty lost when it comes to TC. I'm trying to do and also break it down and explain what each part of the command does so that I can learn along the way. What I'm trying to do is limit any connection from source port 6001 to 30KB/s.
I'm currently running a game server and it has no built-in bandwidth limiting feature, which means if someone logs in and needs to download the map it destroys my bandwidth for the rest of the server's players. The game server is running on port 6001.
Jan 11, 2011
I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:
IMAP
pop.server.com
smtp.server.com
Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.
Sep 5, 2010
How to number of connections for a single ip on port 80 to CentOS 5.5 with iptables? connlimit did not work on CentOS and nginx does not provide a module for that
Dec 23, 2010
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I won't get into here. Here's the output from iptables -vnL
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
Feb 18, 2010
I want to do a simple port redirect, i.e. whatever comes through whatever interface on port AAAA will get redirected to port BBBB. I thought that
iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBB
however it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB
[code]....
Jul 18, 2011
I'm running Fedora 15, and am trying to run a program that uses gsoap/soapcpp2 2.7.17 to communicate with different parts of the program. As far as I know everything has compiled correctly and I am using the same versions of the required libraries as several working installations. However, every single time the program tries to open a port, the program is unable to do so. This happens no matter what port I specify.
if there is anything in fedora that would limit or disable the ability of the program to open a port to start communicating. I have tried disabling the firewall with no change to the behaviour.
Aug 7, 2010
When I use the following command:
ssh user@ssh_server -L 5500:localhost:5500 -p 22
everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:
ssh user@ssh_server -R 5500:localhost:5500 -p 22
I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...
Dec 28, 2010
my secure log is flooding with these messages..
sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'hard'
Dec 28 22:42:29 yn54 sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'soft'
Dec 28 22:42:29 yn54 sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'hard'
Jul 14, 2011
I want to set my IP as static and port forward it through a specific port. Can anyone help me with this? I'm using Ubuntu 10 with a 64-bit OS.
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
May 12, 2010
I have a VPS server with 512 MB memory. The php.ini is set so script memory limit = 16 MB. However, I have noticed in my top report, instances like the following:
Quote:
5484 coldclim 25 0 46476 32m 5920 R 0.0 6.4 0:00.93 php
The bold number of 6.4 is the % of server memory this process is using. 6.4 % of 512 MB of memory is about 32 MB of memory, so it appears that this isn't being limited by php.ini. Am I correct? This leads to the next question: Is there some way to limit the amount of memory a single suphp process can use? (Basically, something like the setting in php.ini which limits suphp processes in the same way.)
Feb 20, 2010
I'm using a Debian server as a router/firewall. I have two ethernet interfaces in the server, one for WAN and one for LAN. Then I use SNAT so my LAN clients can access the internet through the Debian router. That is working... Now I want to be able to access servers on the LAN side from the WAN side, and I want to use port address translation (PAT). I have an FTP server running on a LAN server, so I'm trying to port forward port 21.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21
When people try to access my FTP from the WAN side, they are redirected to the local FTP server, and they are prompted for credentials, but when the credentials are typed, and the local FTP server should answer the WAN request, the connection dies.
The WAN clients are being prompted for credentials, so they are redirected to the local LAN server, but after that the connection dies, so I think there is some kind of NAT problem when the local LAN server is trying to respond to the WAN request.
Here is my iptables script:
#flush table
iptables -F
#input rules
[code]....
Feb 12, 2009
I make an application on GNU/Linux which listens on a MULTICAST stream, so I open my unconnected socket, bind it on a MULTICAST address and a port, join the multicast group with the "setsockopt (IP_ADD_MEMBERSHIP)", then I receive datagrams on my socket.
Now I've two different instances of the same application that run with their own MULTICAST address and port. And what I found strange is that, after a misconfiguration, I switch the ports, for example:
Emitting on 225.0.0.1/23451 and 225.0.0.2/23452
Receiving on 225.0.0.1/23452 and 225.0.0.2/23451
And my receiving part doesn't care about the MULTICAST address, it looks like the socket is listening on the port number only! I mean that the receiver [225.0.0.1/23452] takes its datagrams from emitter [225.0.0.2/23452] and vice-versa!
Apr 25, 2009
How can i redirect data received on a port to another port located in a different machine? Can i do this using IPTABLES ?
Mar 25, 2010
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. the problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked...
Oct 24, 2010
I had to add them to my firewall script when I installed openvpn on my dd-wrt router:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
What should I add/change to set up port forwarding of port 1000 to IP 192.168.1.200? Also, how to get the answer sent by 192.168.1.200 to follow the same route used by the data received through port forwarding?
Aug 30, 2010
I have embedded hardware that uses bootp for booting from a Network Management Host (NMH) on the same ethernet. The embedded hardware has both kinds of ports, i.e. ethernet as well as E1/T1. I would like to ask, what do I require to establish a communication link between the embedded hardware and the NMH through the E1/T1 ports of the embedded hardware, so as to make it boot through E1/T1? Further, the NMH possesses only an ethernet port. Just to refine my question, I'd like to know what additions I need to make on my NMH, like maybe I have to put in an E1/T1 port, or is it possible that the E1/T1 port can be directly connected to an ethernet port on the other host.
Pardon me if I am not making absolute sense here as my knowledge is limited on Layer 1 and Layer 2.
Aug 23, 2010
How to access networking port and run scripts on that port so as to gain access of remote machine. Is that possible through command prompt or through software?
I know the IP address of my friend who is chatting with me. Okay. I want to run an application on his computer. I came to know that we can run script through port
Apr 2, 2010
I have an Ubuntu server with PPTP on it. I need to limit single connection speed for ip 1 mbit/s, and monthly traffic limit to 5 GB. How can I do this task? I tried to find something with iptables, but can't find how to create monthly limits. PPTP does not have this option; maybe there is some other, not hard to configure VPN server? Maybe someone has done this task with iptables, and can give commands for limiting? Of course a VPN program with integrated accounts and limits will be better.
Jun 30, 2010
I was wondering if there was a Windows or Ubuntu way to limit the amount of data that is able to be sent over the internet between certain times, eg. Between the times of 7am and 7pm can only download 300 MB from the web, when this limit is reached the web is either disconnected or slowed down.
Aug 14, 2009
I installed a ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170, I ran usb_modeswitch and so far things happened normally. Watching through /var/log/messages it says that F10 detects two port devices for this modem: ttyUSB1 and ttyUSB2, and in the sequence it disables port ttyUSB1 BUT Network Manager still sets this port. I mean, when I connect via wvdial pointing to ttyUSB2 I get a connection, but Network Manager fails to do it pointing to ttyUSB1. How to change the device port in Network Manager?
May 30, 2010
I have a linux box running between my router and my LAN. My connection speed is 10MB download and 1MB upload. The issue is that whenever someone starts to upload something, it is like my connection is down. No one else can open websites, read emails etc. Is it possible to place a limit for upload, maybe 50kb/s? This way, people won't use the entire upload speed available.
Aug 17, 2010
I want to use the tc rules for bandwidth control in my LAN. I have a linux router (traffic shaper). How can I limit the amount of bandwidth every user has access to per day? For example, any user can't download more than 2 gb per day (or per month).
The information about the LAN's users (such as group type, userid, etc., but not anything about time limiting per user) is in an LDAP directory on an LDAP server. The linux server uses the LDAP server for authenticating users when the user logs in.
Apr 8, 2010
I'm a newbie in the world of netfilter/iptables. I've read an article about iptables and rate limit module:
Code:
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
The firewall will let the first 5 packets in in the first minute, --limit-burst 5; this means, however, that the packets/minute now is 5, so any further packets are blocked until packets/minute = 1, i.e. 5 minutes later. In the sixth minute, packets/minute will be 5/6 < 1, so another ping request will be let in. When the extra ping request is admitted, the ratio becomes 6/6 = 1 again, and packets are DROPped again until the next minute.
Now I have some problems in understanding how it works.
For example: I want ping google.com in this way: the kernel firewall permits to send the first 5 packet to google.com (--limit-burst 5) and then it blocks the remaining packets for 5 minutes. At sixth minute (because I wish a limit rate equal to 1/minute: --limit 1/minute) one packet can send to google again. And so on.
So my rule should be:
Code:
iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
In this way, if I type
Code:
ping -f url_of_google
I expect that the first 5 packets are accepted (and so zero '.' will print on the screen) and then for the remaining 5 minutes no packets will be accepted (and so a long string of '.' will print). But it doesn't work...
In man pages of ping we read (about -f option):
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.
Oct 1, 2010
I own a netcafe and I want to limit the netspeed for some of the users on the network because some of them maybe use torrent or other ways to eat the bandwidth and the net becomes so slow for other users.
My task is a way to limit the net speed for some users on the network, I tried a mikrotik RouterOS but it look like a miss to install I wanted an easier way than this, I use linux or windows or any OS to make this task done please help me to do it !!
Mar 20, 2011
We (3) have download limit problems with a 50G/month limit (inc. uploads). The router I cannot change, and it offers no useful options. So I am considering using IP forwarding from my own box. I think I would need a second NIC and router. Eth0 would run a DHCP server, eth1 would run a client. What do I run on the box to monitor downloads and uploads, and is there a way of adding PC and laptop downloads to limit luser downloads? Does this stuff strangle speed? I'm running slackware-13.1
May 10, 2011
I have a linux debian on a network connected to a router through an ethernet cord. My linux is hogging the network speed and the users of the other computers on the network aren't very happy. Is there a way to limit the download speed on only my computer?
Jan 21, 2011
Me and my friend are using the same internet, sometimes he downloads something or watches a movie online. When he does that my internet connection becomes very weak. So is there any way to put limit on his computer? Like only 30kb/s