How to throttle HTTP requests on a Linux machine?

TL;DR: Here is the summary: I need to reduce max connections on Ubuntu 11.04, preferably system-wide, but at least within Google Chrome.  I do not need or want to throttle bandwidth.  Verizon seems to care only about the number of connections, so that is all I want to change.  Also, I don't want to use Firefox unless I have to.  I have three other machines all using Chrome and synced, and I just prefer it over Firefox.

I use tethering for my home internet connection via my Verizon cell phone without paying for it.  This works just fine for streaming Netflix via my Nintendo Wii and pretty much every other conceivable use I've had for it.  Except, during heavy usage with multiple tabs open on my laptop, the network connection on my phone will just turn off, then on again, then off, but it never fully connects.

I think, based on this answer on Android Enthusiasts Stack Exchange and other questions, that this is caused by Verizon getting too many HTTP requests from my phone.  Is there some software, script, setting or otherwise that would allow me to throttle my requests to say, 5 or 10 or whatever it turns out is 1 less than Verizon is looking for, so that my cell's network connection is not lost?

I would far prefer a slow down rather than complete shut off of my internet connection.  I am almost certain it is from quantity of requests and not related to data, because, as I mentioned, Netflix will run all day without a hitch, and that uses more data than anything else I would be doing.  If I had a router, I am pretty sure there are settings I could easily change to allow only so many requests at a time ... but in this case, my phone is my router, so no settings.  I'm using Ubuntu 11.04 on my netbook with an HTC Incredible on Verizon (not that the phone details are relevant).

I have been trying to figure this out for quite some time.  Currently the only fix is to ensure that all requests are stopped and then sometimes it works again; other times I have to manually turn my 3G service off and then back on.


Solution 1:

I successfully use an SSH tunnel to circumvent arbitrary connection limits when tethering. The idea is as follows:

ssh -D 1234 server

starts the tunnel, then you configure Firefox or other software to use SOCKS 5 proxy localhost/1234. Follow the instructions on this page to instruct Firefox to also use the proxy for DNS.

The result is that the router will only see one encrypted connection to your proxy.

If you are using Ubuntu, then you can configure the proxy settings for Ubuntu, not for Chrome or Firefox. Then, all programs including Chrome and Firefox should use that proxy by default.

Open gnome-network-properties, and set the proxy to host localhost, port 1234.

Solution 2:

If you're using Firefox, search for "max-connections" settings in about:config.

Anything more complex than that likely requires traffic control / packet filtering / firewall -- for example, you can use Shorewall to do connection rate limiting: http://www.shorewall.net/ConnectionRate.html

Solution 3:

You can add a rule to the netfilter/iptables firewall to do this for you. Netfilter consults the nat table concerning new connections (and the filter table per packet). You can rate-limit new connections using a single iptables command.

# iptables --table nat --append --protocol tcp -m multiport \
    --destination-ports 80,443 -m limit ! --limit 10/second --limit-burst 5 \
    --jump DROP

This command must be run as root. It matches all new (--table nat) TCP (--protocol tcp) connection attempts to ports 80 (http) and 443 (https) (--destination-ports 80,443) which are above (!) the limit of 5 connection attempts per second (--limit 10/second), with an allowance of 5 extra connections (--limit-burst 5). It then instructs netfilter to completely ignore these packets (--jump DROP).

NB, you'll need to run this command every time you reboot your computer, which can be accomplished via a variety of mechanisms. You can throw this into a shell script, make it executable, and call it via a pre-up line in /etc/network/interfaces, if you use this file to configure your network, and if you use a Debian variant.

A quick, easy hack would be to add this line to one of the important-looking start-up scripts under /etc/init.d/.
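
A working form of the connection rate limit from Solution 3, as an added example that is not code from the original answer. It assumes the filter table's OUTPUT chain, because the limit match has no negation and iptables rejects DROP in the nat table, so new connections under the limit are let through and the rest are dropped. The chain name HTTP_LIMIT and the function name are made up for this example.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that rate-limits NEW
# outbound HTTP/HTTPS connections (TCP SYNs to ports 80 and 443).
# HTTP_LIMIT is a chain name chosen for this example.

# gen_http_limit_rules RATE_PER_SECOND BURST
# Prints the ruleset on stdout; returns 1 if an argument is not a
# positive integer, so a typo never reaches the firewall.
gen_http_limit_rules() {
    rate=$1 burst=$2
    case "$rate" in
        ''|*[!0-9]*|0*) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case "$burst" in
        ''|*[!0-9]*|0*) echo "bad burst: $burst" >&2; return 1 ;;
    esac
    # Rule order matters: the limit rule RETURNs while tokens remain, and
    # everything that falls through to the last rule is over the limit.
    # A dropped SYN is retransmitted by the local TCP stack, so an
    # over-limit connection is delayed rather than refused outright.
    cat <<EOF
*filter
:HTTP_LIMIT - [0:0]
-A OUTPUT -p tcp --syn -m multiport --dports 80,443 -j HTTP_LIMIT
-A HTTP_LIMIT -m limit --limit ${rate}/second --limit-burst ${burst} -j RETURN
-A HTTP_LIMIT -j DROP
COMMIT
EOF
}

# Print the ruleset for the values used in the answer (10/second, burst 5).
# To load it, run once per boot as root:
#   gen_http_limit_rules 10 5 | iptables-restore --noflush
gen_http_limit_rules 10 5
```

Loading with --noflush leaves the rest of the filter table in place; loading it a second time without a reboot appends a duplicate jump to the OUTPUT chain.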