I have a server on which I have done port forwarding. This means that each user connects to the server with a dedicated port and the traffic sent by the user is directed to the remote server. I used the following command to do the forward port and it works well
iptables -t nat -A PREROUTING -p tcp --dport 8090 -j DNAT --to-destination remote_ip:8090
iptables -t nat -A POSTROUTING -j MASQUERADE
To further monitor and control traffic consumption on my server, I want to set a limit for each port. That is, each user connects to the server with 2 IPs. If there is more than 2 IPs, the user will be disconnected. I do this to prevent abuse. I try these codes :
iptables -A FORWARD -p tcp --syn --dport 8090 -m connlimit --connlimit-above 2 -j DROP
Then I connected to the server with two different IPs at the same time, i was expecting the IP limit to work and one of my connections to be disconnected but both IPs were connected and this command did not work. Is it possible to set the IP limit for forwarding trafic in iptables?
2 is not above 2.
--connlimit-above 2. That means it matches on the third connection.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.