Re: How to limit maximum number of TCP connections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, 28. June 2012. 1.27.10 jdow wrote:
> On 2012/06/28 01:24, Jatin K wrote:
> > On 06/28/2012 01:33 PM, jdow wrote:
> >> On 2012/06/27 23:27, Jatin K wrote:
> >>> On 06/28/2012 11:32 AM, Ed Greshko wrote:
> >>>> On 06/28/2012 01:27 PM, Jatin K wrote:
> >>>>> well..... suppose I've 5 clients in my office ( say A,B, C, D, E ) and
> >>>>> a
> >>>>> linux box
> >>>>> which is working as a router ( gateway ), I want  to allow only 4
> >>>>> concurrent pcs to
> >>>>> access the Internet, say if A,B,C,D is using internet then fifth
> >>>>> client E can not
> >>>>> access the internet until any of previous connected clients ( A,B,C,
> >>>>> or D)
> >>>>> gets
> >>>>> disconnected/session ended
> >>>> 
> >>>> Define "access internet".....
> > 
> > if it can be achieved by proxy (squid like)  .. I can suggest them
> 
> In theory it can. In practice it cannot unless users are forcibly timed
> out after X seconds of connect time and then locked off for a period to
> prevent them from logging right back in. Without knowledge of precisely
> what is wanted you cannot answer the homework question, Charlie.

Sorry for jumping in late into this thread, but did anyone suggest to use a 
custom dhcp configuration?

For example:
(1) get the firewall configured so that only machines with IPs from the dhcp 
pool get access to the net;
(2) having 5 machines (or more), configure dhcp to have a pool of only 4 IP 
numbers;
(3) make the dhcp lease expire fast and refuse lease renewal from clients (ie. 
force them to ask again for a new IP once their lease expired).

This should technically allow only 4 machines to access the internet at the 
time, regardless of how many of them are hooked into the LAN. You can tweak 
the lease validity time as you see fit (5 minutes, 1 hour, etc...) which gives 
a definition to the term "accessing Internet".

The clients will be competing for IP numbers, and the choice who will have 
access at a given moment will be pretty random. What you guarantee is that no 
more than 4 machines are allowed access at a time.

Beware also that when the lease for a given machine expires, it will be cut off 
the net possibly in the middle of some work, and even if it does immediately 
get a new lease it will have to reestablish all open connections using the new 
IP. This will break most of the stateful Internet traffic, like being logged 
into gmail or similar. This will happen periodically, without the ability of 
the user to have any control. So the Internet access will be jerky even for 
those 4 machines that do get a lease from dhcp server.

Having said all that, I would personally kick out of my company any sysadmin 
who would actually try to implement such an insane configuration. But for the 
proof-of-concept purposes, I think what you are asking for can be done in this 
way.

HTH, :-)
Marko



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux