Hello!
 
I've read a lot of mail archives, but can't find solutions for my problem.
I have a router with about 700 users. I'm using HTB with SFQ leaf qdiscs for every user (client IP). So, different IPs can have their own rate limits.
This scheme has been working fine for a long time. But how can I limit the number of connections (sessions) from one host? I see from ip_conntrack that some users have more than 1000 active connections (mostly P2P UDP).
As far as I know, there is a connlimit patch for iptables, but it is capable of limiting only TCP sessions. And there is the ESFQ qdisc, which allows dividing bandwidth more fairly, but inside one class.
In my case every user has their own class, and I'm not able to control how many connections they make simultaneously by implementing ESFQ! Also, I don't understand how to deal with it from the iptables side - connlimit will not help with UDP.
 
What can be done in my case?

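Added example, not part of the original post: a small Python script that measures what the message describes, counting tracked flows per client IP and protocol from text in the `/proc/net/ip_conntrack` line format and reporting hosts above a threshold. The function names, the threshold and the sample lines (documentation and private address ranges) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the /proc/net/ip_conntrack line format (not real data).
SAMPLE = """\
udp      17 25 src=10.0.0.5 dst=198.51.100.7 sport=40001 dport=6881 [UNREPLIED] src=198.51.100.7 dst=10.0.0.5 sport=6881 dport=40001 use=1
udp      17 170 src=10.0.0.5 dst=198.51.100.8 sport=40002 dport=6881 src=198.51.100.8 dst=10.0.0.5 sport=6881 dport=40002 [ASSURED] use=1
udp      17 12 src=10.0.0.5 dst=198.51.100.9 sport=40003 dport=51413 [UNREPLIED] src=198.51.100.9 dst=10.0.0.5 sport=51413 dport=40003 use=1
tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=203.0.113.4 sport=50100 dport=80 src=203.0.113.4 dst=10.0.0.5 sport=80 dport=50100 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=10.0.0.9 dst=203.0.113.4 sport=50200 dport=443 src=203.0.113.4 dst=10.0.0.9 sport=443 dport=50200 [ASSURED] use=1
udp      17 29 src=10.0.0.9 dst=192.0.2.53 sport=33000 dport=53 src=192.0.2.53 dst=10.0.0.9 sport=53 dport=33000 use=1
"""

# The first src= on a line is the original direction, i.e. the client that opened the flow.
ORIG_SRC = re.compile(r"\bsrc=(\S+)")

def count_flows(lines):
    """Return a Counter keyed by (original-direction source IP, protocol name)."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        m = ORIG_SRC.search(line)
        if len(fields) < 4 or m is None:
            continue  # skip blank or truncated lines
        counts[(m.group(1), fields[0])] += 1
    return counts

def over_limit(counts, limit):
    """Return {ip: {proto: n}} for hosts whose total tracked flows exceed limit."""
    totals = Counter()
    for (ip, _proto), n in counts.items():
        totals[ip] += n
    report = {}
    for (ip, proto), n in counts.items():
        if totals[ip] > limit:
            report.setdefault(ip, {})[proto] = n
    return report

if __name__ == "__main__":
    import sys
    # With a path argument, read the live table; otherwise use the constructed sample.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 3
    for ip, protos in sorted(over_limit(count_flows(lines), limit).items()):
        print(ip, sum(protos.values()), protos)
```

Run on the router with the conntrack file and a threshold as arguments, for example `/proc/net/ip_conntrack 1000`, to see which clients hold the most entries and whether they are UDP or TCP.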