Solved

How to use IPTable to limit Bandwith connection?

Posted on 2008-10-16
10
510 Views
Last Modified: 2013-11-16
How to use IPTable to limit Bandwith connection:
- On each Port
- On each IP of client

My server have 10MBs NIC, I want limit port 80 (of webserver) with only 5MBs (In and out)
And each IP client connect to server has only 100KBs max

Here is my original IP table: /etc/sysconfig/iptables :
----------------------------
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
----------------------------

Thanks in advanced!
0
Comment
Question by:star6868
  • 4
  • 2
  • 2
10 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22728828
You have to check out HTB and CBQ as IPtables does not manage bandwidth.
0
 

Author Comment

by:star6868
ID: 22729061
Sorry what are they:
HTB ?
CBQ ?
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22729071
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:star6868
ID: 22748287
sorry, but Is there an easier way?
0
 

Author Comment

by:star6868
ID: 22810584
Is there any iptable script to do this?
:)
0
 
LVL 2

Expert Comment

by:easyDK
ID: 23058788
It's not this simple...
Are you using kernel from distro, or are you able to build your own custom kernel from sources?
0
 

Author Comment

by:star6868
ID: 23063355
@ easyDK:
I have not yet :(
I need learn to do this?


0
 
LVL 2

Accepted Solution

by:
easyDK earned 500 total points
ID: 23063510
Don't be lazy andread that doc in that link above, as it is really interesting thing.
Anyhow, iptables, unless patched as well as kernel, by default don't do much concerning traffic shaping.
Better from this point of view is using iproute package. For really quick start, in order to get taste, try this:

http://www.smidsrod.no/products/firewall/supershaper/

and script itself.
http://files.smidsrod.no/supershaper-start
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SONICWALL tz100 PASS THROUGHT TO SBS 2 60
Blocking  of URL on mcafee sidewinder firewall 3 57
Firewall question 5 93
Linksys LRT 224 forward 3 42
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question