IPLIMIT ?
Raj
list@mail.com.np
Sun, 6 Jan 2002 12:00:47 +0545 (NPT)
Hi, I badly need to control the no. of conns per host to a server.
I would really appreciate it if any IPtables Guru could show me the way.
Would the following rule allow only 2 conns per host in the block
192.168.10.0/24, OR allow a total of 2 conns from any of the hosts in the
range, i.e. one from 192.168.10.1 and the other from 192.168.10.11 and no
more conns from any host?
iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.1.25 -p tcp --syn
--dport 25 -m iplimit --iplimit-above 2 -j REJECT
If not, what would be the correct rule for my requirement?
Cheers,
Raj
On Fri, 4 Jan 2002, Raj wrote:
> Hi,
> I am interested in limiting simultaneous connections from each host/IP in
> an IP net range to a service/port of my internal server. I have iplimit
> compiled into my kernel as a module from p-o-m and it loads perfectly, as
> seen with 'lsmod'. RH7.2/2.4.9-13custom, IPtables 1.2.4-2/p-o-m
>
> The following rule does not serve as desired and does not allow any
> connection at all to the server from any host in the source net range.
>
> iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.1.25 -p tcp --syn
> --dport 25 -m iplimit --iplimit-above 2 -j REJECT
>
> And when I apply the following rule (one source host only), it does allow
> connections from it, but even more conns (>2) than the allowed limit, i.e.
> the iplimit does not kick in.
>
> iptables -A FORWARD -s 192.168.10.10 -d 192.168.1.25 -p tcp --syn
> --dport 25 -m iplimit --iplimit-above 2 -j REJECT
>
> My goal is to allow only 2 conns from a host in the given source net
> range.
> How can I achieve this, or is anything missing from the above commands?
>
> Thanks in advance...
>
> Cheers,
> Raj
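The per-host-versus-whole-block question above is really a question about which source addresses an iplimit-style match groups into one counter. The following Python is an added model of that counting, not the netfilter code or anything from the post; it assumes the match has a prefix option (`--iplimit-mask`, default 32, i.e. one counter per source host) and follows connlimit's rule that the match fires once the group's count, including the new SYN, exceeds `--iplimit-above`. It replays constructed SYNs from two hosts in 192.168.10.0/24 against `--iplimit-above 2`, first per host and then with the whole /24 treated as one group.

```python
import ipaddress
from typing import Iterable, List, Tuple


def same_prefix(a: str, b: str, mask_bits: int) -> bool:
    """True when a and b share their first mask_bits bits (one --iplimit-mask group)."""
    a_int = int(ipaddress.IPv4Address(a))
    b_int = int(ipaddress.IPv4Address(b))
    shift = 32 - mask_bits
    return (a_int >> shift) == (b_int >> shift)


def iplimit_matches(new_src: str, existing: Iterable[str],
                    above: int, mask_bits: int = 32) -> bool:
    """Decide whether the match fires for a new SYN from new_src.

    existing   - source addresses of connections already tracked to this dst/port
    above      - the --iplimit-above value
    mask_bits  - the assumed --iplimit-mask value; 32 counts per single host,
                 24 counts every host of the /24 in one group
    Assumed semantics (as connlimit documents them): the new connection is counted
    too, and the match fires when the group's count exceeds `above`, so exactly
    `above` connections per group get through before REJECT applies.
    """
    count = 1 + sum(1 for src in existing if same_prefix(src, new_src, mask_bits))
    return count > above


def admit(syns: Iterable[str], above: int, mask_bits: int = 32) -> List[Tuple[str, str]]:
    """Replay SYN sources against '-m iplimit --iplimit-above N -j REJECT'.

    A rejected SYN never becomes a tracked connection, so it is not counted later.
    """
    accepted: List[str] = []
    decisions: List[Tuple[str, str]] = []
    for src in syns:
        if iplimit_matches(src, accepted, above, mask_bits):
            decisions.append((src, "REJECT"))
        else:
            accepted.append(src)
            decisions.append((src, "ACCEPT"))
    return decisions


# Constructed sample: six SYNs from two hosts of the block in the post.
SAMPLE_SYNS = ["192.168.10.1", "192.168.10.1", "192.168.10.11",
               "192.168.10.1", "192.168.10.11", "192.168.10.11"]

if __name__ == "__main__":
    for label, bits in (("per host (mask 32)", 32), ("whole /24 (mask 24)", 24)):
        print(label, [d for _, d in admit(SAMPLE_SYNS, above=2, mask_bits=bits)])
```

With the default mask each host gets its own two connections; with mask 24 the first two SYNs from anywhere in the block use up the allowance for every host in it.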