How to limit maximum number of TCP connections

jdow jdow at earthlink.net
Thu Jun 28 08:19:37 UTC 2012



On 2012/06/28 00:02, Jatin K wrote:
> On 06/28/2012 12:11 PM, Joe Zeff wrote:
>> On 06/27/2012 11:27 PM, Jatin K wrote:
>>>>
>>> how can you prove it's wrong ... they need this kind of configurations,
>>> and my duty is to provide the solutions what they need if it's possible....
>>>
>>>      I don't know the solution/configuration requirement to fulfill
>>> their desire, that's why I'm asking the solutions to this list where so
>>> many experts like you are available. If this is wrong then I'm really sorry
>>
>> Personally, I doubt that limiting the number of boxes that can access the
>> Internet at any one time is their ultimate goal.
>
> yes ... they want to allow only desired concurrent PCs to use the Internet/Local
> LAN ( pass through the router )
>
>
>>   They probably have something different in mind and have decided that this is
>> the way to get it.  If I were you, I'd ask them what it is they're trying to
>> accomplish,
>
> I've tried a lot to get the matter to be understood ... but finally I came to
> this conclusion that " they do not want to allow more than 90 concurrent
> users/PCs to communicate to  Internet/Local LAN "
>
>
>> because there's probably a better, simpler, easier way to do it.
> that's why I'm here ..to get the best possible solution

As stated there is, technically speaking, no solution let alone a best
possible solution. As I noted, with internet browsing a person sitting
reading an MSNBC page of drivel is not "connected". The connections are
all done and over with. I realize most people seem to think their browser
is their connection to the network. If it's not up then it must not be
connected. 'Tain't so. You can have periods of no connection even if you
have a browser open and are actively reading a page.

On the local LAN to local LAN connections, if any, no such limit is feasible
given the behaviors of the various SAMBA or NFS type protocols in use for
shared disks and files.

About the only semi-feasible means of doing this might be to set up a
virtual LAN through a proxy with a limited number of concurrent logins
permitted. That is subject to the hogging effect Mr. Greshko mentioned.
So you'd have to put an arbitrary logout on the proxy after X minutes
of inactivity. So the bozo logs into a news site that has pages that
automatically refresh every few minutes and you get hogging again.

You REALLY REALLY need to 1) walk away from this nonsense customer or
2) embark on a serious education program and determine what the real
goal is. Is the idea to keep the network uncongested? Is it to make sure
at least some of the people are minding the store? Is it some misguided
security policy? Is it simply to make your life miserable when you've
spent a lot of time and money on his project and he refuses to pay you
because you cannot make a practical limitation such as he asks for?

Note that this is what Earthlink used to do AGES ago when I first got
on the internet via Sky Dayton's newly created ISP. I solved it with
background tasks that kept traffic flowing. The Earthlink timers never
timed out. But if they did I also automatically logged back in. This
was in the dial-up days. (It was back in the days that more than year
long uptimes were feasible and fashionable with Red Hat Linuxes. But
that is another story. UPSs to pieces I love!)

{^_^}
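
The hogging effect described above, as an added example that is not part of the original post: a small Python model of a proxy with a fixed number of login slots and an idle logout. The class, client names, slot count and traffic pattern are all constructed for illustration and do not describe any particular proxy product.

```python
from dataclasses import dataclass, field


@dataclass
class SlotLimiter:
    """Hypothetical proxy login table: max_sessions slots, idle logout in minutes."""
    max_sessions: int
    idle_timeout: int
    last_seen: dict = field(default_factory=dict)

    def request(self, client: str, now: int) -> bool:
        # Log out every session that has sent nothing for idle_timeout minutes.
        for name, seen in list(self.last_seen.items()):
            if now - seen >= self.idle_timeout:
                del self.last_seen[name]
        # Existing sessions refresh their timer; new ones need a free slot.
        if client in self.last_seen or len(self.last_seen) < self.max_sessions:
            self.last_seen[client] = now
            return True
        return False


def simulate(minutes=60, refresh_every=5, max_sessions=2, idle_timeout=10):
    """Replay constructed traffic; return (first admission minute per client,
    clients holding a slot at the end)."""
    proxy = SlotLimiter(max_sessions, idle_timeout)
    first_admit = {}
    for now in range(minutes):
        attempts = []
        if now % refresh_every == 0:
            attempts.append("auto_refresh_tab")   # page reloads itself, nobody present
        if now == 0:
            attempts.append("one_page_reader")    # loads one page, then just reads
        if now >= 1:
            attempts.append("waiting_user_1")     # real users retrying every minute
        if now >= 2:
            attempts.append("waiting_user_2")
        for client in attempts:
            if proxy.request(client, now):
                first_admit.setdefault(client, now)
    return first_admit, sorted(proxy.last_seen)


if __name__ == "__main__":
    print(simulate())                  # refresh interval shorter than idle logout
    print(simulate(refresh_every=15))  # refresh interval longer than idle logout
```

With a 5-minute refresh against a 10-minute idle logout the unattended tab never gives up its slot and the second waiting user is locked out for the whole hour; the slot is only reclaimed when the refresh interval exceeds the timeout.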

