November 22nd, 2004, 01:43 PM
cisco nat limit max request per pc per port
I share an ADSL connection with a couple people in my house. In the evening, I tend to play some online games in which upstream bandwidth is very important. I had posted about my router keeping "tons of dynamic nat entries" in memory and not clearing them out frequently enough. I thought this was slowing me down and causing my router to mess up. It was therefore affecting my ping on the game server. I was wrong. The router was right.
I found out that someone who is on my network has a habit of visiting dozens of pr0n sites later in the evening and downloading large pictures and video clips. I don't have a problem with that... what I have a problem with is... he is downloading dozens of clips at a time slowing the connection down. We share the connection but I pay for it. I don't want to cut him off... but I want to frag and he is eating up the bandwidth.
I'm using the latest and greatest Cisco IOS 12.3.xT on a Cisco Broadband 831 router.
(it does not have the QoS included in this image... I need to get more flash to get that image. )
Is there any way for me to limit the max connections from a certain IP to certain ports?
example: limit max port 80 connections to 10. etc.
Or, is there a way for me to shape the traffic or give certain protocols priority?
I've seen tutorials on how to shape traffic and limit connections using a linux box... and that will be my last resort. I'd like to try to resolve this with current hardware, just modify the config, if possible.
Thanks in advance!
November 22nd, 2004, 03:20 PM
Could you let me see the results of show ip route and ip config?
Also, is the client in question wired or wireless?
November 22nd, 2004, 04:02 PM
Phish, use a transparent Squid proxy with delay pools. You can basically set the bandwidth exactly the way you want it.
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
November 23rd, 2004, 04:13 PM
rate limiting NAT translation
A pity that your image does not support QoS. However, I don't know whether it would
help you for your specific problem. I only used it for increasing the quality of VoIP and, hey,
However, there might be another solution, assuming you have enabled NAT ...
Cisco IOS >12.3.4T supports rate limiting NAT translation, with which you can limit
the maximum number of "NAT ports" ( ) per specific host or even access control list.
One interesting feature of it is the detection of viruses/worms, which tend to spread
themselves around, opening many connections.
So you could try to restrict the max number of NAT entries to 8 for a specific host (not so nice):

ip nat translation max-entries host 192.168.1.xxx 8

or, maybe better, limit it for a specific access control list. For example: the
access-list 100 will be limited to 4 concurrent connections:

ip nat translation max-entries list 100 4

That access control list could look like

access-list 100 permit tcp host 192.168.1.xxx any eq 80

or something more appropriate.
/edit: here it is
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
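Before picking a number for max-entries, it helps to measure how many translations each inside host actually holds per destination port. The script below is an added example, not code from the thread; it parses the output of `show ip nat translations` (the sample output and addresses are constructed) and reports hosts that exceed a chosen per-port limit.

```python
import re
from collections import Counter

# Constructed sample of "show ip nat translations" output (not captured from the thread).
# Column order on IOS: Pro, Inside global, Inside local, Outside local, Outside global.
SAMPLE = """\
Pro Inside global      Inside local       Outside local       Outside global
tcp 203.0.113.5:1025   192.168.1.10:1025  198.51.100.7:80     198.51.100.7:80
tcp 203.0.113.5:1026   192.168.1.10:1026  198.51.100.7:80     198.51.100.7:80
tcp 203.0.113.5:1027   192.168.1.10:1027  198.51.100.9:80     198.51.100.9:80
tcp 203.0.113.5:1028   192.168.1.10:1028  198.51.100.9:443    198.51.100.9:443
udp 203.0.113.5:27015  192.168.1.20:27015 198.51.100.50:27015 198.51.100.50:27015
tcp 203.0.113.5:1029   192.168.1.20:1029  198.51.100.7:80     198.51.100.7:80
tcp 203.0.113.5:80     192.168.1.30:80    ---                 ---
"""

LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp|icmp)\s+\S+\s+(?P<in_local>\S+)\s+\S+\s+(?P<out_global>\S+)$"
)

def parse_translations(text):
    """Yield (proto, inside_local_ip, outside_global_port) for each dynamic entry."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line or blank line
        out_global = m.group("out_global")
        if ":" not in out_global:
            continue  # static entry with "---" outside columns: no destination port
        in_ip = m.group("in_local").rsplit(":", 1)[0]
        out_port = out_global.rsplit(":", 1)[1]
        yield m.group("proto"), in_ip, out_port

def count_per_host_port(text):
    """Count concurrent translations per (inside host, protocol, destination port)."""
    return Counter((ip, proto, port) for proto, ip, port in parse_translations(text))

def hosts_over_limit(text, proto, port, limit):
    """Return inside hosts holding more than `limit` translations to proto/port."""
    counts = count_per_host_port(text)
    return sorted(ip for (ip, p, dport), n in counts.items()
                  if p == proto and dport == port and n > limit)

if __name__ == "__main__":
    for key, n in sorted(count_per_host_port(SAMPLE).items()):
        print(key, n)
    print("over limit:", hosts_over_limit(SAMPLE, "tcp", "80", 2))
```

Feed it a saved copy of the real `show ip nat translations` output and run it at a busy time of day; the count for the noisy host tells you whether a limit such as 4 on the port-80 access list is realistic or will break normal browsing.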