IpCop and connection limit ?

OK stanyo, here is something you can try. You may get a few complaints from your users but here goes:
You can either limit the number of connections in the conntrack table or clean up idle connections. By default TCP connections are left for 5 days and doing this could help your problem. We'll try cleaning up the idle connections first, as setting the max connections to 200 could be a problem.

To clean up idle connections type in the following command. You can add it to your rc.local if it works out. It sets the timeout for TCP connections based on their state as follows:
NONE
ESTABLISHED
SYN_SENT
SYN_RECV
FIN_WAIT
TIME_WAIT
CLOSE
CLOSE_WAIT
LAST_ACK
LISTEN

[code:1]echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts[/code:1]

So ESTABLISHED TCP connections will time out after 30 mins of idle time, for example. This might cause you some problems so look out.

If this does not work, you could try setting the maximum number of connections to 200 using the following command:
[code:1]echo 200 > /proc/sys/net/ipv4/ip_conntrack_max [/code:1]

But only as a last resort.

With first code i get some error.
"No such file or directory"
The second works i think but internet is very slow.

Sorry, stanyo about the error with the first suggestion. That option must not be compiled into IPCOP by default. We're stuck with the second option and you can try increasing it until it works OK for you. If you still can get a satisfactory result and you want to go back to the IPCOP default, type in:

[code:1]echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max[/code:1]

hi.

sorry to bring up this old thread.
but, i have very similar situation and in need for a solution.

i also have bot (block out traffic) installed.
in bot, there's option --limit avg

how can i use this?

tia

I'm sorry I haven't actually used the block out add-on before. What exactly do you want to achieve?