Ever wondered why download managers give faster download speeds? Most download managers, such as IDM and DAP, open several parallel connections to the server for the same file, which is why the user sees a faster download. On the server side, the number of connections multiplied by the number of users opening parallel connections at the same time can take the server down. Several users on one network running modern web browsers, which already use multiple connections to speed up browsing, plus download managers opening extra parallel connections on top of that, can overload the server badly. If you run a busy server it becomes a necessity to limit connections per IP so that every user gets a fair share. The number of simultaneous connections accepted from a single IP is capped at a number you choose, which stops one client from flooding the server. Capping connections per IP is especially useful for file-sharing sites.
That is not all there is to know about connections to a server. Modern web browsers also open multiple connections per host (HTTP/1.1 browsers typically open around six) to speed up browsing, so limiting is a good exercise, but it is not good to limit connections to just one per IP address: every page load would slow down and your website would feel too slow. There is no built-in per-IP connection limit in Linux; 20 is a common choice in tutorials, but the number is entirely up to the admin and there is no single correct value. Keep in mind that clients behind the same NAT gateway share one public IP and therefore share the limit, so pick a number that leaves room for several people behind one address. We'll show you a way to restrict the number of connections per IP for a server (using port 80 as the example).
In this context when I say server I mean a Virtual Private Server (VPS) or a dedicated server, that is, a Linux machine you have root access to. In this tutorial we first discuss an Ubuntu-based server, but managing other distributions is similar. Not exactly the same, but similar.
FIREWALL CONFIG: USING IPTABLES
Follow the steps below to limit connections per IP on your server.
Step-1) Log in to your server via SSH. I assume that if you are reading this tutorial you already know how to do that.
Step-2) Now issue the following iptables command to restrict each source IP to at most C concurrent connections on a port. Here C stands for the number of connections you want to allow and $port for the TCP port. This is the general command syntax for the firewall configuration:
iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above C -j REJECT --reject-with tcp-reset
What it does: --syn matches only new connection attempts (SYN packets), the connlimit match counts the connections the same source IP already has open to that port, and once that count is above C the new SYN is answered with a TCP reset instead of being accepted. Connections that are already established are not cut. Replace $port with the port you want to limit: 80 for HTTP, or 22 for SSH if you have never changed it. Note that -A appends the rule to the end of the INPUT chain; if an earlier rule already ACCEPTs traffic to that port, the new rule is never reached, so either insert it at the top with -I INPUT instead of -A INPUT, or check the order with iptables -L INPUT -n --line-numbers. The rule covers IPv4 only; repeat it with ip6tables if the server also listens on IPv6. Here is an example that limits each IP to 20 connections on port 80:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
And this is how to limit the allowed SSH connections per IP to only 3 (written here without --reject-with, so the default ICMP port-unreachable reject is used). Keep the SSH limit above the number of sessions you yourself open from one address, or you can lock yourself out:
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
On RedHat and friends the command is the same; some guides write it with the full path to the binary:
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
Step-3) Once you have done this you also need to save the configuration, because rules added with iptables only live in the running kernel. On RedHat and friends you can use this command (on RHEL/CentOS 7 and later it requires the iptables-services package, since firewalld is the default firewall there):
- service iptables save
If you want to save the currently active iptables rules to a file, use this command on Ubuntu, Debian and friends.
- iptables-save > /etc/iptables.up.rules
Step-4) The commands above do the job, but the iptables rules are flushed every time the server is rebooted, so you would have to redo the whole process after each reboot. To stop this from happening and keep the changes you made, make the saved rules reload automatically with the following commands.
First, create a new script that ifupdown runs every time a network interface is brought up; it will reload the saved rules.
- nano /etc/network/if-pre-up.d/iptables
Once the nano text editor is launched, type in the following lines (the first line is the shebang; without it run-parts will not execute the script and the rules will not be restored):
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
When done hit Ctrl+O to save and then Ctrl+X to exit nano. Now you just need to set the +x permission so that the newly created script can be executed. Type in the following command.
- chmod +x /etc/network/if-pre-up.d/iptables
Note that this hook is only run by ifupdown (the /etc/network/interfaces system). On newer Ubuntu releases that configure networking with netplan these hooks are not run; install the iptables-persistent package there instead, which saves the rules to /etc/iptables/rules.v4 and restores them at boot.
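Steps 2 to 4 pulled together as one script, added here as an example; it is not code from the original post. It assumes the file paths used above, the port/limit pairs at the bottom, and a DRY_RUN variable introduced for illustration that prints the iptables commands instead of running them (the real calls need root on a host with iptables). Beyond the steps above it also validates the port and limit, inserts with -I so the rule sits ahead of any ACCEPT for the port, and uses -C so running the script twice does not add a duplicate rule.

```sh
#!/bin/sh
# Added example, not from the original post: apply the per-IP connlimit
# rules from steps 2-4 as an idempotent script. Assumed for illustration:
# the paths below and the port/limit pairs at the bottom. The iptables
# calls need root on a real host; set DRY_RUN=1 to print them instead.

IPTABLES="${IPTABLES:-/sbin/iptables}"
RULES_FILE="${RULES_FILE:-/etc/iptables.up.rules}"
HOOK="${HOOK:-/etc/network/if-pre-up.d/iptables}"
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Print the rule specification (everything after the chain name) for
# "reject a new SYN once this source IP already has LIMIT connections
# to PORT". Refuses non-numeric input so an unset variable cannot turn
# into a rule that matches every port.
connlimit_spec() {
    port="$1"; limit="$2"
    case "$port" in
        ''|*[!0-9]*) echo "connlimit_spec: bad port '$port'" >&2; return 1 ;;
    esac
    case "$limit" in
        ''|0|*[!0-9]*) echo "connlimit_spec: bad limit '$limit'" >&2; return 1 ;;
    esac
    printf '%s\n' "-p tcp --syn --dport $port -m connlimit --connlimit-above $limit -j REJECT --reject-with tcp-reset"
}

# Insert the rule at the top of INPUT (-I rather than -A) so it is checked
# before any existing ACCEPT rule for the port, and skip it if an identical
# rule is already loaded (-C exits 0 when the rule exists).
add_connlimit() {
    spec=$(connlimit_spec "$1" "$2") || return 1
    # $spec is deliberately unquoted: it must split into separate arguments.
    if [ "$DRY_RUN" != 1 ] && $IPTABLES -C INPUT $spec 2>/dev/null; then
        echo "port $1: connlimit rule already present, skipping" >&2
        return 0
    fi
    run $IPTABLES -I INPUT $spec
}

# Content of the ifupdown hook: the shebang is required, otherwise
# run-parts ignores the file.
hook_script() {
    printf '%s\n' '#!/bin/sh' "${IPTABLES}-restore < $RULES_FILE"
}

# Steps 3 and 4: dump the live rule set and install the restore hook.
persist_rules() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "${IPTABLES}-save > $RULES_FILE"
        echo "install $HOOK"
        return 0
    fi
    "${IPTABLES}-save" > "$RULES_FILE" || return 1
    hook_script > "$HOOK" || return 1
    chmod 0755 "$HOOK"
}

# Usage: sh limit-conns.sh apply   (or DRY_RUN=1 sh limit-conns.sh apply)
if [ "${1:-}" = "apply" ]; then
    add_connlimit 80 20 &&
    add_connlimit 22 3 &&
    persist_rules
fi
```

The script only touches the IPv4 tables; to cover IPv6 run it a second time with IPTABLES=/sbin/ip6tables and a separate RULES_FILE, and add a matching ip6tables-restore line to the hook. Run it with DRY_RUN=1 first and compare the printed commands against iptables -L INPUT -n --line-numbers before applying for real.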
So this is it. By following steps 3-4 your configuration is kept and reloaded whenever the server is rebooted, and you can cap the number of connections each client may open at the number you choose. A download manager on one address can no longer take more than its share, so a single heavy user is far less likely to slow the site down for everyone else under heavy load.
To summarize all the steps so far: log in to your server as shown in step one, type in the command from step two with the number of connections you want to allow per IP address, then follow steps 3-4 so that your rules survive a reboot. That is pretty much it.
OTHER USEFUL IPTABLES COMMANDS
- How to see the current iptables rules? Type in "iptables -L -n -v" and it will show all current rules with their packet and byte counters (-n skips reverse DNS lookups, which otherwise make the listing slow). The output lists each chain (INPUT, FORWARD, OUTPUT) with the rules in it.
- If you want to flush all the changes made to the iptables rules, type in "iptables -F". Be careful: this removes every rule in every chain of the filter table, not just the connlimit rule, and it does not reset the chain policies, so on a server whose INPUT policy is DROP you will lock yourself out of SSH. To remove only the connlimit rule, repeat its exact arguments with -D instead of -A.