LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-05-2011, 06:04 AM   #1
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297
Limit incoming HTTP bandwith usage with IPTABLES


Hello guys,

I'm not proficient enough to find a solution for the above mentioned problem so I'm turning to you people.

Can I, with only the use of IPTABLES, limit the incoming bandwith for a protocol? We have for example servers that have a FTP and HTTP server running and whenever HTTP has a lot of connections open, the other uploads/downloads get a timeout.

I know I can limit the number of connections but prefer to limit on protocol level.

Is this possible using IPTABLES and if so, can someone indicate how to proceed or provide a link? If it's not possible can someone point me to the right tool for the job?

Kind regards,

Eric
 
Old 04-05-2011, 08:29 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Hey Eric,

http://www.szabilinux.hu/bandwidth/index.html
This was the very first thought/link that I had for you before, just getting around to posting it now. I'm afraid after wondering myself and researching, you can not throttle directly only using iptables. Tc is the way you want to go, sorry bro....

Cheers,

Josh
 
1 members found this post helpful.
Old 04-05-2011, 08:32 AM   #3
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Just another link... I think this is your best bet, IMO. http://sourceforge.net/projects/cbqinit/
 
1 members found this post helpful.
Old 04-05-2011, 08:36 AM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805

Original Poster
Blog Entries: 1

Rep: Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297
Hi Josh,

Thanks for pointing them out. Seems like tc is installed per default on our servers so that would work out. I'm gonna have a look at cbq.init and see if it does what I need. Never worked with tc before so that'll be quite the experience. If somebody has other ideas, keep in mind that I'm trying to avoid installing additional packages because I have to document them thoroughly.

Kind regards,

Eric
 
1 members found this post helpful.
Old 04-05-2011, 08:42 AM   #5
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
No problem dude. Hopefully someone else out there might know a bit more information about this.

Cheers,

Your bestest friend on LQ, Josh
 
Old 05-05-2011, 01:06 AM   #6
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805

Original Poster
Blog Entries: 1

Rep: Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297
Hi,

Finally ended up using cbq.init which does what I need (after trying and testing and trying and ....).

Kind regards,

Eric
 
1 members found this post helpful.
Old 05-05-2011, 06:21 PM   #7
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Quote:
Originally Posted by EricTRA View Post
Hi,

Finally ended up using cbq.init which does what I need (after trying and testing and trying and ....).

Kind regards,

Eric
Oh nice. Did you have to fully customize everything?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
bandwith limit per user razzera Debian 1 01-08-2011 04:51 AM
Limit bandwith on interface Tux-Slack Slackware 1 02-06-2008 02:27 PM
Limit incoming smtp connection by ip using iptables lynksinc Linux - Security 4 11-03-2005 12:27 PM
Iptables Bandwith Limit av0 Linux - Networking 4 03-29-2004 06:36 AM
Limit bandwith for routers Xenoide Linux - Networking 2 04-24-2002 07:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration