
Reasonable number of connections?

Discussion in 'Tomato Firmware' started by Dragon2611, Mar 31, 2008.

  1. Dragon2611

    Dragon2611 LI Guru Member

    Noticed with the Script generator you can set the limit of the number of connections for a specific client.

    Anyone know what a reasonable value would be if I wanted browsing, MSN to work (inc webcam/file transfer)?

    There was 1 machine with about 200 connections open, most of them with IPs that resolve to home ISPs, which makes me wonder if they were using p2p even though I had l7 and I2pp set up.

    Moved that PC back to the range which has most ports blocked (I'd previously moved it to allow all ports and rely on the l7/i2pp filters, as the limited port range tends to upset the MSN webcam feature).

    It seems I can't just open up the MSN webcam ports either since that's most of the sodding upper port range :angry:
     
  2. LLigetfa

    LLigetfa LI Guru Member

    On my corporate network I limit my users to 200 and get about one user per month showing up in my logs that tries to exceed it.
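
An added example (not code from any poster in this thread): a shell function that counts tracked connections per LAN client from a conntrack-style table and lists the clients above a limit, with the number of distinct remote peers for each, so a figure such as the 200 mentioned above can be checked against real usage before it is enforced. The function names, the `192.168.1.` prefix and the sample table are constructed assumptions.

```shell
#!/bin/sh
# Usage on a router (path is an assumption; older kernels expose
# /proc/net/ip_conntrack, newer ones /proc/net/nf_conntrack):
#   conn_report 200 < /proc/net/ip_conntrack

# conn_report LIMIT [LAN_PREFIX]
# Reads conntrack lines on stdin, prints "client connections distinct_peers"
# for every LAN client with more than LIMIT tracked connections.
conn_report() {
    limit="$1"
    prefix="${2:-192.168.1.}"
    awk -v limit="$limit" -v prefix="$prefix" '
    {
        # The first src= on a line is the originator; the second src=
        # belongs to the reply direction and is skipped by the break.
        for (i = 1; i <= NF; i++) {
            if (index($i, "src=") == 1) {
                ip = substr($i, 5)
                dst = substr($(i + 1), 5)   # dst= directly follows src=
                if (index(ip, prefix) == 1) {
                    count[ip]++
                    key = ip SUBSEP dst
                    if (!(key in seen)) { seen[key] = 1; peers[ip]++ }
                }
                break
            }
        }
    }
    END {
        for (ip in count)
            if (count[ip] > limit) print ip, count[ip], peers[ip]
    }' | sort
}

# Constructed sample table: one client with 5 connections to 5 different
# hosts, one client with 2 connections to a single host.
sample_table() {
    n=1
    while [ "$n" -le 5 ]; do
        echo "tcp 6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.$n sport=5000$n dport=40000 src=203.0.113.$n dst=192.168.1.50 sport=40000 dport=5000$n [ASSURED] use=1"
        n=$((n + 1))
    done
    echo "tcp 6 431999 ESTABLISHED src=192.168.1.51 dst=198.51.100.7 sport=40000 dport=80 src=198.51.100.7 dst=192.168.1.51 sport=80 dport=40000 [ASSURED] use=1"
    echo "tcp 6 431999 ESTABLISHED src=192.168.1.51 dst=198.51.100.7 sport=40001 dport=80 src=198.51.100.7 dst=192.168.1.51 sport=80 dport=40001 [ASSURED] use=1"
}

# Demo run with a low limit so the sample produces output.
sample_table | conn_report 3
```

A client with many connections spread over many distinct peers looks different from one with a few busy peers, which helps when choosing a limit that leaves browsing and messaging untouched.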
     
  3. Dragon2611

    Dragon2611 LI Guru Member

    Ideally I'd love to write an iptables script that matches the source IP with an L7 filter, then allows it if the rule exists and blocks it if it doesn't.
     
  4. lexluthor

    lexluthor Network Guru Member

    Bittorrent, at least, allows for encrypted connections. I think that'll defeat the l7 and I2pp filters.
     
  5. Dragon2611

    Dragon2611 LI Guru Member

    I know, although I have an HTTP filter for the words announce and bittorrent to try and help against that, but that's the problem: filtering p2p clients can be a real pita.
     
  6. Toastman

    Toastman Super Moderator Staff Member

    L7 filters don't work well for me. I stopped using them long ago. I now set rules to *allow* those applications I want to pass, and let P2P fall through the net into the unclassified category. I then set that to lowest, and shape it accordingly. It is the only way I can trap most P2P traffic.

    Inevitably, some of it creeps into higher priority bands on occasions, but that doesn't usually cause too much trouble.
     
