* QoS on dynamic port allocation protocols
From: Antonio Paulo Salgado Forster @ 2003-03-13 1:09 UTC (permalink / raw)
To: netfilter
Hello all,
I'm trying to apply QoS rules on protocols that use dynamic port
allocation on secondary connections such as ftp or H323 that have a
specific iptables helper to handle them, and the problem begins when the
secondary connections start up. Would the connmark module also mark the
secondary connections if you tell it to mark the main flow? Or, is there
any way to match a packet using, at the same time, the -m state --state
RELATED match and check if the related connection belongs to a ftp session?
Any ideas are appreciated. Thanks in advance.
Forster
* Re: QoS on dynamic port allocation protocols
From: Raymond Leach @ 2003-03-13 5:28 UTC (permalink / raw)
To: Netfilter Mailing List
On Thu, 2003-03-13 at 03:09, Antonio Paulo Salgado Forster wrote:
> Hello all,
>
> I'm trying to apply QoS rules on protocols that use dynamic port
> allocation on secondary connections such as ftp or H323 that have a
> specific iptables helper to handle them, and the problem begins when the
> secondary connections start up. Would the connmark module also mark the
> secondary connections if you tell it to mark the main flow? Or, is there
> any way to match a packet using, at the same time, the -m state --state
> RELATED match and check if the related connection belongs to a ftp session?
>
> Any ideas are appreciated. Thanks in advance.
>
> Forster
Depending on your QoS setup, you could use the -m state --state RELATED
and the fwmark patch to mark the packets. Then your QoS filters could be
triggered by the fwmark values.
* Re: QoS on dynamic port allocation protocols
From: alexb @ 2003-03-13 13:40 UTC (permalink / raw)
To: raymondl; +Cc: Netfilter Mailing List
But how do I distinguish RELATED connections from ftp and H323?
If I only want to limit bandwidth for ftp and not for H323, how could I tell
iptables to mark only the RELATED packets from ftp connections?
Thanks,
Alex
Quoting Raymond Leach <raymondl@knowledgefactory.co.za>:
> On Thu, 2003-03-13 at 03:09, Antonio Paulo Salgado Forster wrote:
> > Hello all,
> >
> > I'm trying to apply QoS rules on protocols that use dynamic port
> > allocation on secondary connections such as ftp or H323 that have a
> > specific iptables helper to handle them, and the problem begins when the
> > secondary connections start up. Would the connmark module also mark the
> > secondary connections if you tell it to mark the main flow? Or, is there
> > any way to match a packet using, at the same time, the -m state --state
> > RELATED match and check if the related connection belongs to a ftp session?
> >
> > Any ideas are appreciated. Thanks in advance.
> >
> > Forster
>
> Depending on your QoS setup, you could use the -m state --state RELATED
> and the fwmark patch to mark the packets. Then your QoS filters could be
> triggered by the fwmark values.
* Re: QoS on dynamic port allocation protocols
From: Eric Leblond @ 2003-03-13 14:07 UTC (permalink / raw)
To: Netfilter Mailing List
On Thu, 2003-03-13 at 14:40, alexb@atix.com.br wrote:
> But how do I distinguish RELATED connections from ftp and H323?
> If I only want to limit bandwidth for ftp and not for H323, how could I tell
> iptables to mark only the RELATED packets from ftp connections?
You'd better use the connmark target to suit your need. You can find a
little doc about it at:
http://home.regit.org/connmark.html
The process is the following:
you mark the initial packet
connmark restores a mark related to the connection.
BR
--
Eric Leblond <eleblond@init-sys.com>
Init-Sys
* Re: QoS on dynamic port allocation protocols
From: Jozsef Kadlecsik @ 2003-03-13 14:54 UTC (permalink / raw)
To: alexb; +Cc: raymondl, Netfilter Mailing List
On Thu, 13 Mar 2003 alexb@atix.com.br wrote:
> But how do I distinguish RELATED connections from ftp and H323?
> If I only want to limit bandwidth for ftp and not for H323, how could I tell
> iptables to mark only the RELATED packets from ftp connections?
Use the helper match.
Regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
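The two suggestions in the replies (the helper match and connmark) combined into one ruleset, as an added example that is not part of any poster's message. The mark value 10, the interface eth0, the qdisc handle 1: with class 1:10, and the raw-table CT rule for kernels that no longer assign helpers automatically are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: mark 10, interface eth0, and an
# existing qdisc with handle 1: holding a class 1:10 for FTP traffic.

# run: print the command when DRY_RUN=1, otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ftp_qos MARK DEV: mark FTP control connections and the data connections
# expected by the ftp helper; H.323 and other RELATED flows stay unmarked.
ftp_qos() {
    mark=$1 dev=$2
    case $mark in
        ''|*[!0-9]*) echo "mark must be a decimal number" >&2; return 1 ;;
    esac
    [ -n "$dev" ] || { echo "interface required" >&2; return 1; }

    # Recent kernels do not attach helpers automatically: bind the ftp
    # helper to the control port explicitly.
    run iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

    # Packets of an already-marked connection get the mark copied back.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT

    # New control connection.
    run iptables -t mangle -A PREROUTING -p tcp --dport 21 \
        -m state --state NEW -j MARK --set-mark "$mark"
    # RELATED alone would also match H.323 secondary connections; the
    # helper match narrows it to connections expected by the ftp helper.
    run iptables -t mangle -A PREROUTING -m state --state RELATED \
        -m helper --helper ftp -j MARK --set-mark "$mark"

    # Store the packet mark on the connection for all later packets.
    run iptables -t mangle -A PREROUTING -m mark --mark "$mark" \
        -j CONNMARK --save-mark

    # Classify on the fwmark in the shaper.
    run tc filter add dev "$dev" parent 1: protocol ip \
        handle "$mark" fw flowid 1:10
}
```

Calling `ftp_qos 10 eth0` with `DRY_RUN=1` set prints the commands for review instead of applying them.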