
How to reject more than 100 connections by using iptables command?

Discussion in 'DD-WRT Firmware' started by minlab, Feb 20, 2008.

  1. minlab

    minlab LI Guru Member

    Hey there,

    I was using the following command to reject > 100 connections for the specific IP address. It doesn't seem to work correctly. Would you please help me check the command?

    Cheers


    iptables -I FORWARD -p tcp -s 192.168.1.142 -m connlimit --connlimit-above 20 -j REJECT

     
  2. minlab

    minlab LI Guru Member

    I saw a topic regarding this

    http://www.linksysinfo.org/forums/archive/index.php?t-48748.html

    But it doesn't work on DD-WRT V24 RC6. Any suggestions on this?

    Thank you

    ==============================================
    #start of script
    modprobe ipt_connlimit
    iptables -A FORWARD -p tcp --syn -s x.x.x.x -m connlimit --connlimit-above ttt -j REJECT
    iptables -A FORWARD -p tcp --syn -d x.x.x.x -m connlimit --connlimit-above ttt -j REJECT
    #end of script

    where
    x.x.x.x - means client IP
    ttt - maximum number of simultaneously open connections; above that they will be rejected
    Set it for your clients, e.g. 100-150 connections per IP, and your problems are gone.
    ==============================================
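
An added example, not part of the thread or of DD-WRT: a report-only shell helper that counts tracked TCP connections per LAN source from conntrack text and prints the connlimit rule from the posts above for each host over the limit. The function names, the sample lines and the /proc/net/ip_conntrack path mentioned in the comments are assumptions; nothing is applied to the firewall.

```shell
#!/bin/sh
# Added example: report-only, nothing here changes the firewall.

# Constructed sample in the /proc/net/ip_conntrack text format (not real data).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.142 dst=203.0.113.10 sport=51000 dport=6881 src=203.0.113.10 dst=198.51.100.7 sport=6881 dport=51000 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.142 dst=203.0.113.11 sport=51001 dport=6881 src=203.0.113.11 dst=198.51.100.7 sport=6881 dport=51001 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.142 dst=203.0.113.12 sport=51002 dport=6881 [UNREPLIED] src=203.0.113.12 dst=198.51.100.7 sport=6881 dport=51002 use=1
tcp      6 95 TIME_WAIT src=192.168.1.142 dst=203.0.113.13 sport=51003 dport=6881 src=203.0.113.13 dst=198.51.100.7 sport=6881 dport=51003 [ASSURED] use=1
udp      17 25 src=192.168.1.142 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=40000 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.10 dst=203.0.113.80 sport=42000 dport=443 src=203.0.113.80 dst=198.51.100.7 sport=443 dport=42000 [ASSURED] use=1
tcp      6 430000 ESTABLISHED src=192.168.1.10 dst=203.0.113.81 sport=42001 dport=443 src=203.0.113.81 dst=198.51.100.7 sport=443 dport=42001 [ASSURED] use=1
tcp      6 300 ESTABLISHED src=203.0.113.5 dst=198.51.100.7 sport=33000 dport=22 src=198.51.100.7 dst=203.0.113.5 sport=22 dport=33000 [ASSURED] use=1
EOF
}

# Read conntrack text on stdin; print "count ip" for TCP entries, busiest first.
# Only the first src= (original direction) is counted; $1 is an optional
# source prefix such as "192.168.1." to keep the report to LAN hosts.
count_by_src() {
    awk -v p="$1" '$1 == "tcp" {
        for (i = 1; i <= NF; i++) if ($i ~ /^src=/) {
            ip = substr($i, 5)
            if (p == "" || index(ip, p) == 1) n[ip]++
            break
        }
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Read "count ip" lines; print one rule per host holding more than $1 entries.
# -I follows the first post, --syn the quoted script: only new connection
# attempts above the limit are rejected.
rules_over_limit() {
    limit=$1
    case "$limit" in
        ''|*[!0-9]*) echo "limit must be a whole number" >&2; return 1 ;;
    esac
    while read -r count ip; do
        [ "$count" -gt "$limit" ] || continue
        echo "iptables -I FORWARD -p tcp --syn -s $ip -m connlimit --connlimit-above $limit -j REJECT"
    done
}

# Stand-alone run on the sample. On a router that exposes the table (assumed
# path), feed count_by_src from /proc/net/ip_conntrack instead.
sample_conntrack | count_by_src 192.168.1. | rules_over_limit 3
```

Review the printed rules before running any of them; the limit of 3 only fits the small constructed sample.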
     
  3. minlab

    minlab LI Guru Member

    Any comments, please?
     
  4. szfong

    szfong Network Guru Member

    Try MAC address filtering when all else fails! hehe ;-) Must be running a half dozen torrents?? :-( or dd-wrt "Special" (requires purchase to have better bandwidth controls).
     
  5. minlab

    minlab LI Guru Member

    hey szfong, thanks for your comments.

    You are right, someone was using uTorrent to download files all the time. I would like to set a MAX. connection count for the IP or MAC, so the IP will not "SUCK OUT" all the rest of the broadband.

    Any suggestion for the command?

    SNOW Today, keep warm!
     
  6. szfong

    szfong Network Guru Member

    Limit his bandwidth with the "Special" version of dd-wrt. It'll auto cut the # of connections once you limit that particular MAC. Also, lowering the conn. timeout will auto cut the # of connections as well.
     
  7. minlab

    minlab LI Guru Member


    I am using a Linksys WRT150N. Does the "Special" version support it?

    Cheers
     
  8. deathevor

    deathevor LI Guru Member

    Hi,

    You wrote in my post that you have this problem! So now I found the problem.
    The QoS in DD-WRT really doesn't work properly. So I installed Tomato 1.17.
    And QoS works fine there. You can set up anything you want there (IP, ports, MAC) and it works!!! :)
    Also basic settings are setup well. :)

    Enjoy!
     
  9. minlab

    minlab LI Guru Member

    Thanks for your input, that is AWESOME!

    Can I install 1.17 on my Linksys WRT150N router? It looks like DD-WRT doesn't support QoS properly.
     
  10. Toxic

    Toxic Administrator Staff Member

    If you care to look at Polarcloud's website you will see it does not support the WRT150N

    http://www.polarcloud.com/tomatofaq#what_will_this_run_on
     

  12. minlab

    minlab LI Guru Member

    I am curious... any success stories using the iptables command on DD-WRT?

    have a nice weekend
     
