Need help with iptables -m limit --limit x/sec and understanding burst rate!
by dr.x from LinuxQuestions.org on (#4RFBB)
Hello folks,
I have a web server running on port 80 and I want to limit the number of concurrent calls to no more than 5 req/sec.
I have several farms for load balancing on ports 33000-33010,
so I want the max req/sec hitting port 80 to be 5.
I used the command:
-A PREROUTING -d 103.60.15.71/32 -p tcp -m tcp --dport 80 -m limit --limit 5/sec -j DNAT --to-destination :33000-33010 --random
The rule above was applied, but I still keep seeing a rate of more than 5 req/sec.
I added the burst limit --limit-burst 1.
I began to get complaints from users, and it seems that:
-A PREROUTING -d 103.60.15.71/32 -p tcp -m tcp --dport 80 -m limit --limit 5/sec --limit-burst 1 -j DNAT --to-destination :33000-33010 --random
sometimes performs at a rate of less than 5 req/sec or may drop something.
I hope someone can help me; I just want to limit simultaneous connections to no more than 5 req/sec in all cases.
Thanks
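
Added example (not part of the original post): a simplified token-bucket model of the `limit` match, run over constructed arrival patterns, showing why `--limit 5/sec` with the default `--limit-burst 5` matches 9 new connections in the first second of steady traffic, while `--limit-burst 1` matches only the first connection of each short cluster. The helper names and millisecond timestamps are assumptions of this sketch; because the nat table evaluates only the first packet of a connection, each arrival stands for one new connection rather than one HTTP request.

```python
# Added example: simplified integer model of the iptables `limit` match.
# Timestamps are in milliseconds; the arrival patterns are constructed.

COST = 1000  # credit consumed by one matching packet (one token)


def limit_match(arrivals_ms, rate_per_sec, burst):
    """Return the timestamps of packets that match `-m limit`.

    The bucket starts full (burst tokens), refills at rate_per_sec tokens
    per second, is capped at burst, and each match consumes one token.
    A packet that finds no token does not match and falls through to the
    next rule; the limit rule itself never drops it.
    """
    cap = burst * COST
    credit = cap
    last = None
    matched = []
    for t in arrivals_ms:
        if last is not None:
            # ms elapsed * tokens/sec = credit in thousandths of a token
            credit = min(cap, credit + (t - last) * rate_per_sec)
        last = t
        if credit >= COST:
            credit -= COST
            matched.append(t)
    return matched


def steady(step_ms, duration_ms):
    """One new connection every step_ms for duration_ms."""
    return list(range(0, duration_ms, step_ms))


def clustered(per_cluster, gap_ms, clusters, period_ms=1000):
    """Short clusters of connections, one cluster per period."""
    return [c * period_ms + i * gap_ms
            for c in range(clusters) for i in range(per_cluster)]


if __name__ == "__main__":
    flood = steady(10, 1000)    # 100 connections in one second
    users = clustered(5, 10, 3)  # 5 connections within 50 ms, once a second
    for burst in (5, 1):
        print(f"--limit 5/sec --limit-burst {burst}")
        print("  steady:", len(limit_match(flood, 5, burst)), "of", len(flood))
        print("  clustered:", len(limit_match(users, 5, burst)), "of", len(users))
```

Connections that do not match the limit rule are not DNATed by it and continue to whatever rule or policy follows.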

