How to limit maximum number of TCP connections

Marko Vojinovic vvmarko at gmail.com
Thu Jun 28 12:33:58 UTC 2012


On Thursday, 28. June 2012. 1.27.10 jdow wrote:
> On 2012/06/28 01:24, Jatin K wrote:
> > On 06/28/2012 01:33 PM, jdow wrote:
> >> On 2012/06/27 23:27, Jatin K wrote:
> >>> On 06/28/2012 11:32 AM, Ed Greshko wrote:
> >>>> On 06/28/2012 01:27 PM, Jatin K wrote:
> >>>>> well..... suppose I've 5 clients in my office ( say A,B, C, D, E ) and
> >>>>> a linux box which is working as a router ( gateway ), I want to allow
> >>>>> only 4 concurrent pcs to access the Internet, say if A,B,C,D is using
> >>>>> internet then fifth client E can not access the internet until any of
> >>>>> previous connected clients ( A,B,C, or D) gets disconnected/session ended
> >>>> 
> >>>> Define "access internet".....
> > 
> > if it can be achieved by proxy (squid like)  .. I can suggest them
> 
> In theory it can. In practice it cannot unless users are forcibly timed
> out after X seconds of connect time and then locked off for a period to
> prevent them from logging right back in. Without knowledge of precisely
> what is wanted you cannot answer the homework question, Charlie.

Sorry for jumping in late into this thread, but did anyone suggest using a 
custom dhcp configuration?

For example:
(1) get the firewall configured so that only machines with IPs from the dhcp 
pool get access to the net;
(2) having 5 machines (or more), configure dhcp to have a pool of only 4 IP 
numbers;
(3) make the dhcp lease expire fast and refuse lease renewal from clients (i.e. 
force them to ask again for a new IP once their lease expired).

This should technically allow only 4 machines to access the internet at a 
time, regardless of how many of them are hooked into the LAN. You can tweak 
the lease validity time as you see fit (5 minutes, 1 hour, etc...) which gives 
a definition to the term "accessing Internet".

The clients will be competing for IP numbers, and the choice who will have 
access at a given moment will be pretty random. What you guarantee is that no 
more than 4 machines are allowed access at a time.

Beware also that when the lease for a given machine expires, it will be cut off 
the net possibly in the middle of some work, and even if it does immediately 
get a new lease it will have to reestablish all open connections using the new 
IP. This will break most of the stateful Internet traffic, like being logged 
into gmail or similar. This will happen periodically, without the ability of 
the user to have any control. So the Internet access will be jerky even for 
those 4 machines that do get a lease from dhcp server.

Having said all that, I would personally kick out of my company any sysadmin 
who would actually try to implement such an insane configuration. But for the 
proof-of-concept purposes, I think what you are asking for can be done in this 
way.

HTH, :-)
Marko
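The three steps above, as an added example that is not part of the original thread or of any list member's own configuration. It is a POSIX shell script that generates an ISC dhcpd configuration with exactly a 4-address pool and short leases, and the iptables FORWARD rules that let only those addresses out. The interface names, the 192.168.1.0/24 subnet, the pool start of .12, the 300-second lease and the helper names are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: ISC dhcpd + iptables
# sketch of the "4-address DHCP pool" trick. Interfaces, addresses,
# lease time and function names are assumptions for illustration.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
SUBNET=192.168.1.0
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
POOL_FIRST=192.168.1.12   # first pool address (assumed)
POOL_SIZE=4               # number of clients allowed on line at once
LEASE_SECS=300            # 5-minute leases, one of the values mentioned

# pool_last FIRST COUNT -> last address of a COUNT-address pool.
# Only the last octet is arithmetic; a pool that would spill past .254
# is refused rather than silently wrapped.
pool_last() {
    prefix=${1%.*}
    start=${1##*.}
    end=$((start + $2 - 1))
    [ "$end" -le 254 ] || { echo "pool overflows last octet" >&2; return 1; }
    echo "$prefix.$end"
}

# dhcpd_conf -> prints a dhcpd.conf whose only range holds POOL_SIZE
# addresses, so dhcpd can never hand out a fifth lease.
dhcpd_conf() {
    last=$(pool_last "$POOL_FIRST" "$POOL_SIZE") || return 1
    cat <<EOF
# Generated example dhcpd.conf: at most $POOL_SIZE leases can exist at once.
authoritative;
default-lease-time $LEASE_SECS;
max-lease-time $LEASE_SECS;      # cap even if the client asks for more
one-lease-per-client true;       # a returning client holds one lease, not two
subnet $SUBNET netmask $NETMASK {
    option routers $GATEWAY;
    option domain-name-servers $GATEWAY;
    range $POOL_FIRST $last;
}
EOF
}

# firewall_rules -> prints the iptables commands: drop everything in
# FORWARD, allow return traffic, and let only pool source addresses out.
# Pipe the output to sh as root on the gateway to apply it.
firewall_rules() {
    last=$(pool_last "$POOL_FIRST" "$POOL_SIZE") || return 1
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m iprange --src-range $POOL_FIRST-$last -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

case "${1:-}" in
    dhcpd)    dhcpd_conf ;;
    firewall) firewall_rules ;;
esac
```

Usage: `sh pool4.sh dhcpd > /etc/dhcp/dhcpd.conf` and `sh pool4.sh firewall | sh` on the gateway. Two caveats a practitioner would want on top of the ones in the post: the firewall keys on the source address only, so a client that statically configures itself an address inside the pool bypasses dhcpd entirely (and collides with whoever holds the lease), so the rule is a convenience limit, not a security boundary; and stock ISC dhcpd has no switch for step (3), refusing renewals, so the script only shortens the lease and lets the address-pool exhaustion do the rest.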
