Solved

How to use IPTable to limit Bandwith connection?

Posted on 2008-10-16
10
524 Views
Last Modified: 2013-11-16
How to use IPTable to limit Bandwith connection:
- On each Port
- On each IP of client

My server have 10MBs NIC, I want limit port 80 (of webserver) with only 5MBs (In and out)
And each IP client connect to server has only 100KBs max

Here is my original IP table: /etc/sysconfig/iptables :
----------------------------
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
----------------------------

Thanks in advanced!
0
Comment
Question by:star6868
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
10 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22728828
You have to check out HTB and CBQ as IPtables does not manage bandwidth.
0
 

Author Comment

by:star6868
ID: 22729061
Sorry what are they:
HTB ?
CBQ ?
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22729071
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 

Author Comment

by:star6868
ID: 22748287
sorry, but Is there an easier way?
0
 

Author Comment

by:star6868
ID: 22810584
Is there any iptable script to do this?
:)
0
 
LVL 2

Expert Comment

by:easyDK
ID: 23058788
It's not this simple...
Are you using kernel from distro, or are you able to build your own custom kernel from sources?
0
 

Author Comment

by:star6868
ID: 23063355
@ easyDK:
I have not yet :(
I need learn to do this?


0
 
LVL 2

Accepted Solution

by:
easyDK earned 500 total points
ID: 23063510
Don't be lazy andread that doc in that link above, as it is really interesting thing.
Anyhow, iptables, unless patched as well as kernel, by default don't do much concerning traffic shaping.
Better from this point of view is using iproute package. For really quick start, in order to get taste, try this:

http://www.smidsrod.no/products/firewall/supershaper/

and script itself.
http://files.smidsrod.no/supershaper-start
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question