Use iptables on CentOS to rate-limit traffic and cap the number of connections per IP address

Source: Internet
Author: User

Step 1: Establish the ADSL (PPPoE) connection. This is done under System Settings - Network Settings and is easy to handle from the graphical interface.

Step 2: Enable IP forwarding and masquerading (that is, routing and NAT)

1. As root, open the file /etc/sysconfig/network and add the following line: GATEWAYDEV=ppp0. This sets the default route to go out through the PPP interface (interface names are lowercase and case-sensitive).

2. Enable IP forwarding: open /etc/sysctl.conf, find net.ipv4.ip_forward = 0, and change the 0 to 1.

3. Restart the system (or run sysctl -p as root to apply the new setting without a reboot).

Step 3: Configure the iptables firewall to decide which addresses may reach the Internet through the Linux host. The following uses the allowed network 192.168.0.0/24 as an example:

(1) Open a terminal and enter the following commands at the # (root) prompt:

iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE   # masquerade (source-NAT) all traffic leaving through ppp0

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT        # forward traffic coming from the LAN

iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT        # forward traffic going to the LAN

iptables -A FORWARD ! -s 192.168.0.0/24 -j DROP        # drop forwarded traffic from any source outside 192.168.0.0/24

Rules are matched in order, so the final DROP only sees traffic that neither ACCEPT rule matched. Note that the second ACCEPT admits every forwarded packet addressed to the LAN, including unsolicited packets arriving on ppp0; a tighter version of that rule adds -m state --state ESTABLISHED,RELATED so that only replies to LAN-initiated traffic are let back in.

(2) Save the rules so they are still in effect after a reboot:

iptables-save > /etc/sysconfig/iptables

After that your Linux router is ready to run.

PS: all commands are case-sensitive.

Speed limiting: Linux has a dedicated traffic-shaping tool, tc, but its syntax is hard for new users to grasp. On the firewall we can instead limit throughput by capping the number of packets per second that a given IP address or address range is allowed to pass. This is a packet-rate limit, not a byte-rate limit, so the bandwidth it yields depends on packet size. The following uses the IP address 192.168.0.2 as an example. Open /etc/sysconfig/iptables in the desktop environment and confirm that all the rules set above have been recorded in this file; you can now add rules to it directly.

1. First find the line reading *filter.

2. Add the following two lines in the FORWARD section below it, before the existing -A FORWARD ... ACCEPT rules. iptables matches rules in order, so if the blanket ACCEPT for 192.168.0.0/24 comes first these two rules never match:

-A FORWARD -d 192.168.0.2 -m limit --limit 30/sec -j ACCEPT   # forward at most 30 packets per second to 192.168.0.2 (about 45 KB/s at 1.5 KB per packet; -m limit also allows an initial burst of 5 packets by default)

-A FORWARD -d 192.168.0.2 -j DROP   # packets to 192.168.0.2 beyond that rate fall through to this rule and are dropped

(3) Restart the system (or reload the file with iptables-restore < /etc/sysconfig/iptables, or service iptables restart) to put the limit into effect.

(4) To restrict upload speed, change -d to -s in the two rules above.

Limiting the number of connections per IP address: this needs the connlimit match, which is in mainline kernels from 2.6.23 onwards. On older kernels the connlimit patch (from patch-o-matic) must be applied and the kernel recompiled.

iptables -I FORWARD -p tcp -s 192.168.0.0/24 -m connlimit --connlimit-above 20 -j REJECT

iptables -I INPUT -p tcp -s 192.168.0.0/24 -m connlimit --connlimit-above 20 -j REJECT

connlimit counts connections per source address by default (--connlimit-mask 32), so each host in 192.168.0.0/24 gets its own limit of 20. Because -I inserts at the top of the chain, these rules take precedence over the forwarding rules added earlier. As written they reject every TCP packet from a host that has more than 20 connections open, including packets of its existing connections; adding --syn to the match (-p tcp --syn) makes the rule refuse only new connection attempts.
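The three pieces above (the NAT and forwarding rules of Step 3, the per-host packet-rate limit, and the per-source connection cap) interact through rule order, which is easy to get wrong when editing /etc/sysconfig/iptables by hand. The following script, an added example that is not part of the original article, generates the whole ruleset in iptables-restore format with the limit rules placed before the broader ACCEPT rules, tightens the inbound LAN rule to ESTABLISHED,RELATED, replaces the trailing "! -s ... DROP" rule with a FORWARD policy of DROP, and uses --syn and --connlimit-mask 32 on the connlimit rules. The interface name ppp0, the network 192.168.0.0/24, the host 192.168.0.2, the 30/sec rate and the limit of 20 connections are assumed defaults taken from the article's examples and can be overridden through the environment; run it with no argument to print the ruleset, or as root with "apply" to load and persist it.

```shell
#!/bin/sh
# Added example, not from the original article: generate (and optionally load)
# an iptables-restore ruleset combining MASQUERADE on the WAN interface, a
# per-host packet-rate limit (-m limit) and a per-source TCP connection cap
# (-m connlimit), ordered so that every rule is actually reachable.
# Assumed values (override through the environment):
WAN_IF="${WAN_IF:-ppp0}"                   # interface towards the Internet
LAN_NET="${LAN_NET:-192.168.0.0/24}"       # network allowed to use the router
LIMITED_HOST="${LIMITED_HOST:-192.168.0.2}" # host whose packet rate is capped
PKT_RATE="${PKT_RATE:-30/sec}"             # packets per second for LIMITED_HOST
MAX_CONNS="${MAX_CONNS:-20}"               # TCP connections per source address

# nat_rules: the *nat table. Only traffic leaving via the WAN interface is
# masqueraded, so LAN-to-LAN traffic is never rewritten.
nat_rules() {
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        "-A POSTROUTING -o $WAN_IF -j MASQUERADE" \
        'COMMIT'
}

# filter_rules: the *filter table. FORWARD policy DROP replaces the article's
# explicit "! -s LAN -j DROP" rule.
filter_rules() {
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    # Per-host rate limit, download (-d) and upload (-s). The limit rule admits
    # PKT_RATE packets/sec plus a burst of 5 (the -m limit default); everything
    # above that falls through to the DROP. These must precede any broader ACCEPT.
    printf '%s\n' \
        "-A FORWARD -d $LIMITED_HOST -m limit --limit $PKT_RATE --limit-burst 5 -j ACCEPT" \
        "-A FORWARD -d $LIMITED_HOST -j DROP" \
        "-A FORWARD -s $LIMITED_HOST -m limit --limit $PKT_RATE --limit-burst 5 -j ACCEPT" \
        "-A FORWARD -s $LIMITED_HOST -j DROP"
    # Per-source connection cap: --syn so only new connections are refused,
    # --connlimit-mask 32 so the count is per address rather than per network.
    printf '%s\n' \
        "-A FORWARD -p tcp --syn -s $LAN_NET -m connlimit --connlimit-above $MAX_CONNS --connlimit-mask 32 -j REJECT --reject-with tcp-reset" \
        "-A INPUT -p tcp --syn -s $LAN_NET -m connlimit --connlimit-above $MAX_CONNS --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    # LAN may go out; only replies to LAN-initiated traffic may come back in.
    printf '%s\n' \
        "-A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT" \
        "-A FORWARD -d $LAN_NET -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        'COMMIT'
}

# ruleset: the complete file as iptables-restore expects it.
ruleset() {
    nat_rules
    filter_rules
}

# rule_line: line number of the first rule containing the given fixed string,
# or 0 if the ruleset does not contain it.
rule_line() {
    n=$(ruleset | grep -nF -- "$1" | head -n 1 | cut -d: -f1)
    printf '%s\n' "${n:-0}"
}

# check_order: succeed only if the per-host limit rule sits before the blanket
# LAN ACCEPT; otherwise the blanket rule matches first and the limit is dead.
check_order() {
    limit=$(rule_line "-d $LIMITED_HOST -m limit")
    blanket=$(rule_line "-s $LAN_NET -o $WAN_IF -j ACCEPT")
    [ "$limit" -gt 0 ] && [ "$blanket" -gt 0 ] && [ "$limit" -lt "$blanket" ]
}

# apply_rules: load the ruleset atomically and persist it the way the article
# does. Needs root and a kernel with the limit and connlimit matches.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply requires root" >&2
        return 1
    fi
    check_order || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    ruleset | iptables-restore
    iptables-save > /etc/sysconfig/iptables
}

case "${1:-show}" in
    apply) apply_rules ;;
    *) ruleset ;;
esac
```

Printing the ruleset first and loading it with iptables-restore, rather than appending lines to /etc/sysconfig/iptables by hand, means the whole table is replaced in one step and a typo fails the load instead of leaving a half-applied chain.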
