Hi!

My problem is not related to that. I think so ... ;)

What I want to achieve is a fixed bandwidth of 512 kbps and not a fixed
connection rate (like 512K connections per sec).

I want to use hashlimit for this purpose, as from iptables 1.4.15
hashlimit has the feature of including bit rate also in the hashlimit.

However, I am not able to achieve that bandwidth limit with hashlimit.
My observations mentioned in my initial mail are all in this regard only.

Thanks and Regards,
-Akshat

On Sat, Aug 30, 2014 at 9:30 PM, Payam Chychi <pchychi@xxxxxxxxx> wrote:
> http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/35045
>
> --
> Payam Chychi
> Network Engineer / Security Specialist
>
> On Friday, August 29, 2014 at 11:26 PM, Akshat Kakkar wrote:
>
> I might be bothering too much but I am not able to find any info on
> this on google. Looks like everyone is happy using hashlimit for
> bandwidth control and I am the only one in the desert trying to
> survive. Please help.
>
> On 28/08/2014 6:42 pm, "Payam Chychi" <pchychi@xxxxxxxxx> wrote:
>
> This is an old and well covered item, google can be of help
> You won't get the required results hashlimit takes your clockspeed into
> account... Amongst a few others.
>
> Kindly google
>
> --
> Payam Chychi
> Network Engineer / Security Specialist
>
> On Thursday, August 28, 2014 at 1:33 AM, Akshat Kakkar wrote:
>
> Hi!
>
> I want to use hashlimit for giving all my users a fixed set of bandwidth
> of 512kbps for accessing internet.
>
> I am using the following commands.
>
> # allowing return packets so that rate limiting is done only on forward packets.
> iptables -A FORWARD -s 192.168.192.168 -j ACCEPT
>
> # If limit is upto 512 then allow
> iptables -A FORWARD -m hashlimit --hashlimit-name test512 \
>     --hashlimit-mode srcip --hashlimit-htable-size 1000 \
>     --hashlimit-htable-max 1000 --hashlimit-upto 64kb/s \
>     --hashlimit-burst 128kb -j ACCEPT
>
> # else drop
> iptables -A FORWARD -j DROP
>
> I am not observing the expected behaviour.
>
> I am sending pings of 100 bytes continuously at 10 msec interval.
>
> What I observed is, I got back replies to only the first 2 pings and for
> the remaining there is no reply. The next reply came only after 103 seconds
> !!! and that too only a single reply.
>
> Output of iptables -L -n -v also shows only 2 packets matching this rule.
>
> Output of the command cat /proc/net/ipt_hashlimit/test512 comes like
>
> 59 10.10.10.10:0->192.168.192.168:0 764416 6688000 3328000
>
> The number 764416 keeps on increasing but I have not observed any reply till
> it reaches the value of 3328000. But it takes a huge time (~103 seconds)
> to reach that value.
>
> Can anyone please explain all this behaviour?
>
> Thank you.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html