Results 1 to 4 of 4

Thread: cisco nat limit max request per pc per port

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002

    cisco nat limit max request per pc per port

    I share an aDSL connection with a couple people in my house. In the evening, I tend to play some online games in which upstream bandwidth is very important. I had posted about my router keeping "tons of dynamic nat entries" in memory and not clearing them out frequently enough. I thought this was slowing me down and causing my router to mess up. It was therefore affecting my ping on the game server. I was wrong. The router was right.

    I found out that someone who is on my network has a habbit of visiting dozens of pr0n sites later in the evening and downloading large pictures and video clips. I don't have a problem with that... what I have a problem with is... he is downloading dozens of clips at a time slowing the connection down. We share the connection but I pay for it. I don't want to cut him off... but I want to frag and he is eating up the bandwidth.

    I'm using the latest and greatest Cicso IOS 12.3.xT on a Cisco Broadband 831 router.
    (it does not have the QoS included in this image... I need to get more flash to get that image. )

    Is there any way for me to limit the max connections from a certain IP to certain ports?
    example: limit max port 80 connections to 10. etc.

    Or, is there a way for me to shape the traffic or give certain protocols priority?

    I've seen tutorials on how to shape traffic and limit connections using a linux box... and that will be my last resort. I'd like to try to resolve this with current hardware, just modify the config, if possible.

    Thanks in advance!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Third planet from the Sun

    Could you let me see the results of show ip route and ip config?

    Also, is the client in question wired or wireless?

  3. #3
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Phish, use a transparent Squid proxy with delay pools. You can basically set the bandwidth exactly the way you want it.

    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  4. #4
    Senior Member
    Join Date
    Mar 2004

    rate limiting NAT translation


    A pity that your image does not support QoS. However, I don't know whether it would
    help you for your specific problem. I only used it for increasing the quality of VoIP and, hey,
    it worked.

    However, there might be another solution, assuming you have enabled NAT ...
    Cisco IOS >12.3.4T supports rate limiting NAT translation[1], with which you can limit
    the maximum number of "NAT ports" ( ) per specific host or even access control list.
    One interesting feature of it is the detection of virii/worms, which tend to spread
    themselves around, opening many connections.

    So you could try to restrict the max number of
    NAT entries to 8 for a specific host (not so nice) :

    ip nat translation max-entries host 192.168.1.xxx 8
    or, maybe better, limit it for a specific access control list. For example: the
    access-list 100 will be limited to 4 concurrent connections:

    ip nat translation max-entries list 100 4
    That access control list could look like

    access-list 100 permit tcp 192.168.1.xxx any eq 80
    or something more appropriate.


    /edit: here it is
    [1] http://www.cisco.com/en/US/products/...0801d09f0.html
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts