Configuring connection limit, Network requirements, Configuration procedure – H3C Technologies H3C SecBlade LB Cards User Manual
Configuring connection limit
Network requirements
As shown in Figure 143, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The internal network address is 192.168.0.0/16 and two servers are on the internal network. Perform NAT configuration so that the internal users can access the Internet and external users can access the internal servers, and configure connection limiting so that:
• Each host on segment 192.168.0.0/24 can establish up to 100 connections to the external network and all the other hosts can establish as many connections as possible.
• Permit up to 10000 connections from the external network to the DNS server.
• Permit up to 10000 connections from the external network to the Web server.
Figure 143 Network diagram
Configuration procedure
The following describes only connection limit configuration. For more information about NAT
configuration and internal server configuration, see Network Management Configuration Guide.
# Create a connection limit policy and enter its view.
[LB] connection-limit policy 0
# Configure connection limit rule 0 to limit connections from hosts on segment 192.168.0.0/24 to the external network per source address, with the upper connection limit of 100.
[LB-connection-limit-policy-0] limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100 per-source
# Configure connection limit rule 1 to limit connections from the external network to the DNS server 192.168.0.3/24, with the upper connection limit of 10000.
[LB-connection-limit-policy-0] limit 1 source ip any destination ip 192.168.0.3 32 protocol dns max-connections 10000
# Configure connection limit rule 2 to limit connections from the external network to the Web server 192.168.0.2/24, with the upper connection limit of 10000.
[LB-connection-limit-policy-0] limit 2 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000
[LB-connection-limit-policy-0] quit
# Apply the connection limit policy.
[LB] connection-limit apply policy 0
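The following Python model is an added example, not part of the H3C manual or the device software. It parses the three limit rules above and counts connections the way the requirements describe them: one counter per source address for rule 0, one shared counter each for rules 1 and 2. It assumes that rules are evaluated in ascending rule-ID order with the first match deciding, that "protocol ip" matches any protocol, and that a new connection is refused once the counter has reached max-connections; the ConnectionLimiter class and its open() method are hypothetical names.

```python
import ipaddress
from collections import Counter

# The three rules from the procedure above, one command per line.
POLICY = """\
limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100 per-source
limit 1 source ip any destination ip 192.168.0.3 32 protocol dns max-connections 10000
limit 2 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Turn one 'limit ...' command into a dict of match fields and limits."""
    t = line.split()
    def net(keyword):
        i = t.index(keyword) + 2          # skip "<keyword> ip"
        return ANY if t[i] == "any" else ipaddress.ip_network(f"{t[i]}/{t[i + 1]}")
    return {
        "id": int(t[1]),
        "src": net("source"),
        "dst": net("destination"),
        "proto": t[t.index("protocol") + 1],
        "max": int(t[t.index("max-connections") + 1]),
        "per_source": "per-source" in t,
    }

class ConnectionLimiter:
    """Hypothetical model of the policy, used only to reason about the counters."""
    def __init__(self, policy_text):
        rules = (parse_rule(l) for l in policy_text.splitlines() if l.strip())
        self.rules = sorted(rules, key=lambda r: r["id"])
        self.active = Counter()           # (rule id, bucket) -> open connections

    def open(self, src, dst, proto):
        """Return (matching rule id or None, admitted?) for a new connection."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for r in self.rules:              # assumption: first match, ascending rule ID
            if s in r["src"] and d in r["dst"] and r["proto"] in ("ip", proto):
                # per-source rules count each source separately; others share one bucket
                key = (r["id"], src if r["per_source"] else None)
                if self.active[key] >= r["max"]:
                    return r["id"], False
                self.active[key] += 1
                return r["id"], True
        return None, True                 # no rule matches: connection is not limited
```

Because rules 1 and 2 carry no per-source keyword, the 10000 connections to each server are a single budget shared by all external sources, whereas rule 0 gives every host on 192.168.0.0/24 its own budget of 100.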