Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to use IPTable to limit Bandwith connection?

Posted on 2008-10-16
10
Medium Priority
?
541 Views
Last Modified: 2013-11-16
How to use IPTable to limit Bandwith connection:
- On each Port
- On each IP of client

My server have 10MBs NIC, I want limit port 80 (of webserver) with only 5MBs (In and out)
And each IP client connect to server has only 100KBs max

Here is my original IP table: /etc/sysconfig/iptables :
----------------------------
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
----------------------------

Thanks in advanced!
0
Comment
Question by:star6868
  • 4
  • 2
  • 2
8 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22728828
You have to check out HTB and CBQ as IPtables does not manage bandwidth.
0
 

Author Comment

by:star6868
ID: 22729061
Sorry what are they:
HTB ?
CBQ ?
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22729071
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 

Author Comment

by:star6868
ID: 22748287
sorry, but Is there an easier way?
0
 

Author Comment

by:star6868
ID: 22810584
Is there any iptable script to do this?
:)
0
 
LVL 2

Expert Comment

by:easyDK
ID: 23058788
It's not this simple...
Are you using kernel from distro, or are you able to build your own custom kernel from sources?
0
 

Author Comment

by:star6868
ID: 23063355
@ easyDK:
I have not yet :(
I need learn to do this?


0
 
LVL 2

Accepted Solution

by:
easyDK earned 2000 total points
ID: 23063510
Don't be lazy andread that doc in that link above, as it is really interesting thing.
Anyhow, iptables, unless patched as well as kernel, by default don't do much concerning traffic shaping.
Better from this point of view is using iproute package. For really quick start, in order to get taste, try this:

http://www.smidsrod.no/products/firewall/supershaper/

and script itself.
http://files.smidsrod.no/supershaper-start
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month15 days, 5 hours left to enroll

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question