Solved

How to use IPTable to limit Bandwith connection?

Posted on 2008-10-16
10
520 Views
Last Modified: 2013-11-16
How to use IPTable to limit Bandwith connection:
- On each Port
- On each IP of client

My server have 10MBs NIC, I want limit port 80 (of webserver) with only 5MBs (In and out)
And each IP client connect to server has only 100KBs max

Here is my original IP table: /etc/sysconfig/iptables :
----------------------------
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
----------------------------

Thanks in advanced!
0
Comment
Question by:star6868
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
10 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22728828
You have to check out HTB and CBQ as IPtables does not manage bandwidth.
0
 

Author Comment

by:star6868
ID: 22729061
Sorry what are they:
HTB ?
CBQ ?
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22729071
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 

Author Comment

by:star6868
ID: 22748287
sorry, but Is there an easier way?
0
 

Author Comment

by:star6868
ID: 22810584
Is there any iptable script to do this?
:)
0
 
LVL 2

Expert Comment

by:easyDK
ID: 23058788
It's not this simple...
Are you using kernel from distro, or are you able to build your own custom kernel from sources?
0
 

Author Comment

by:star6868
ID: 23063355
@ easyDK:
I have not yet :(
I need learn to do this?


0
 
LVL 2

Accepted Solution

by:
easyDK earned 500 total points
ID: 23063510
Don't be lazy andread that doc in that link above, as it is really interesting thing.
Anyhow, iptables, unless patched as well as kernel, by default don't do much concerning traffic shaping.
Better from this point of view is using iproute package. For really quick start, in order to get taste, try this:

http://www.smidsrod.no/products/firewall/supershaper/

and script itself.
http://files.smidsrod.no/supershaper-start
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question