Reasonable number of connections?

Discussion in 'Tomato Firmware' started by Dragon2611, Mar 31, 2008.

    Noticed with the Script generator you can set the limit of the number of connections for a specific client.

    Anyone know what a reasonable value would be if I wanted browsing and MSN to work (inc. webcam/file transfer)?

    There was 1 machine with about 200 connections open, most of them with IPs that resolve to home ISPs, which makes me wonder if they were using p2p even though I had l7 and I2pp set up.

    Moved that PC back to the range which has most ports blocked (I'd previously moved it to allow all ports and rely on the l7/i2pp filters, as the limited port range tends to upset the MSN webcam feature).

    It seems I can't just open up the MSN webcam ports either since that's most of the sodding upper port range :angry:
    On my corporate network I limit my users to 200 and get about one user per month showing up in my logs that tries to exceed it.
    Ideally I'd love to write an iptables script that matches the source IP with an L7 filter, then allows it if the rule exists and blocks it if it doesn't.
    BitTorrent, at least, allows for encrypted connections. I think that'll defeat the l7 and I2pp filters.
    I know, although I have an HTTP filter for the words announce and bittorrent to try and help against that, but that's the problem: filtering p2p clients can be a real pita.
    L7 filters don't work well for me. I stopped using them long ago. I now set rules to *allow* those applications I want to pass, and let P2P fall through the net into the unclassified category. I then set that to lowest, and shape it accordingly. It is the only way I can trap most P2P traffic.

    Inevitably, some of it creeps into higher priority bands on occasions, but that doesn't usually cause too much trouble.
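
Added example, not part of the thread: a shell function that counts tracked connections per originating host and lists those above a limit, such as the 200 mentioned above. It assumes the router exposes its connection table as text in the `/proc/net/ip_conntrack` line format; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Read conntrack-table text on stdin and print "<ip> <count>" for every
# originating host that has more than <limit> tracked connections.
over_limit() {
    limit="$1"
    awk -v limit="$limit" '
    {
        # The first src= field on a line is the original (pre-NAT) sender.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) {
                count[substr($i, 5)]++
                break
            }
        }
    }
    END {
        for (ip in count)
            if (count[ip] > limit)
                print ip, count[ip]
    }' | sort
}

# Constructed sample table: one LAN host with 230 connections to many
# remote peers, and one host with two ordinary connections.
sample_table() {
    i=0
    while [ "$i" -lt 230 ]; do
        peer="203.0.113.$((i % 250 + 1))"
        port=$((40000 + i))
        echo "tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=$peer sport=$port dport=6881 src=$peer dst=192.168.1.50 sport=6881 dport=$port [ASSURED] use=1"
        i=$((i + 1))
    done
    echo "tcp      6 431990 ESTABLISHED src=192.168.1.20 dst=198.51.100.10 sport=50100 dport=80 src=198.51.100.10 dst=192.168.1.20 sport=80 dport=50100 [ASSURED] use=1"
    echo "udp      17 25 src=192.168.1.20 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.168.1.20 sport=53 dport=5353 use=1"
}

# On a router (path is an assumption): over_limit 200 < /proc/net/ip_conntrack
sample_table | over_limit 200
```

Counting by the first `src=` field attributes each entry to the LAN machine that opened it, so encrypted traffic that slips past content filters still shows up in the per-host total.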
