From: Damion de Soto <damion@snapgear.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] wondershaper
Date: Thu, 05 Feb 2004 05:28:13 +0000 [thread overview]
Message-ID: <4021D46D.8050504@snapgear.com> (raw)
In-Reply-To: <marc-lartc-103130244112675@msgid-missing>
Mark,
> I am using wondershaper with htb to shape my network. I want to limit only
> outbound ftp traffic (me uploading) from 192.168.1.101.
>
> I am using port 21 for ftp with passive ports 50,000-60,000.
That's a large range of ports to shape, and other programs might be using them
- that's a problem with passive ftp you can't easily avoid.
> What else do I need to put in the config to do this? Here is my config.
You can't match IP and port with the normal wondershaper script.
You also can't match NATed source IP addresses on your egress qdisc, which means any
rule you setup for ports 21, 50000-60000 will apply to all machines on your LAN.
What you should probabaly do, is use iptables to mark all outbound traffic from
src 192.168.1.101 on port 21, 50000-60000 with TOS 0x08 (Maximum Throughput)
and then add another u32 filter into wondershaper
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 match ip tos 0x08 0xff
flowid 1:30
regards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer email: damion@snapgear.com
SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809
| Custom Embedded Solutions fax: +61 7 3891 3630
| and Security Appliances web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- Free Embedded Linux Distro at http://www.snapgear.org ---
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2004-02-05 5:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-06 8:52 [LARTC] Wondershaper Sebastian Bleikamp
2002-09-06 9:27 ` Stef Coene
2002-09-06 11:47 ` Sebastian Bleikamp
2002-09-09 19:22 ` Stef Coene
2002-09-18 4:42 ` Justin Morea
2002-09-18 5:50 ` Stef Coene
2002-09-18 14:56 ` Adi Nugroho
2002-11-20 18:58 ` [LARTC] wondershaper K Sambaiah
2002-11-20 19:09 ` Stef Coene
2002-11-20 19:47 ` David Koski
2002-11-24 23:16 ` Mario Ohnewald
2002-11-25 7:03 ` Kenneth Porter
2004-02-03 2:51 ` Mark Ryan
2004-02-04 0:26 ` Mark Ryan
2004-02-04 1:46 ` Damion de Soto
2004-02-05 1:01 ` Mark Ryan
2004-02-05 5:28 ` Damion de Soto [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-10-13 15:19 David Sims
2005-10-13 18:08 ` Eliot, Wireless and Server Administrator, Great Lakes Internet
2005-10-27 21:24 ` [LARTC] Wondershaper David Sims
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4021D46D.8050504@snapgear.com \
--to=damion@snapgear.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.