From: nix4me <nix4me@cfl.rr.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] outbound shaping
Date: Fri, 26 Nov 2004 22:32:26 +0000
Message-ID: <41A7AEFA.2000501@cfl.rr.com>
In-Reply-To: <41A3FECE.4070507@cfl.rr.com>
gypsy wrote:
>nix4me wrote:
>
>
>>24.xxx.xxx.xxx
>> |router|
>>192.168.1.1
>> |switch|
>>192.168.1.100 & 192.168.1.101
>>
>>
>
>So can we assume that 192.168.1.1 has 2 NICs, eth0 facing 24.x.x.x/32
>and eth1 facing 192.168.1.0/24?
>
>
Yes. Although I am not running the script on this box. It's a plain
IPCop Linux firewall.
>
>
>
>>I am running proftpd on (192.168.1.101) with the port set to 65437 and
>>with passive ports set to 50000-51000. Proftpd allows you to specify a
>>range of ports to use on passive transfers. I need to be able to limit
>>my outbound ftp traffic to 40 Kbytes per second.
>>The only way I can see to do this is limit by marking packets with
>>iptables. I am marking traffic on 65436 which is the active ftp data
>>port (65437-1) and 50000-60000. Outbound shaping is working
>>fine....however....inbound ftp traffic is also being shaped to 40K. I
>>have no idea why.
>>
>>Seems to me the below rules should mark outbound packets and shape only
>>outbound packets. I don't understand why inbound packets are getting shaped.
>>
>>Here is the script:
>>#!/bin/bash
>>#shaping passive and active outbound ftp traffic on an internal computer without affecting inbound and lan speed
>>
>># mark the outbound passive ftp packets on ports 50000-51000
>>iptables -t mangle -N MYSHAPER-OUT
>>iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT
>>
>>iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65436 -j MARK --set-mark 20
>>iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
>>iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
>>
>>
>
>1) Are you sure these rules are correctly marking and that the marks
>exist at the time the tc filter sees the packet? My hunch is NOT.
>ASIDE: We _really_ need a way for filters to report hit counts!
>
>
>
No, I am not sure. I have used the command 'watch -n1 tc -s class ls
dev eth0' to see the packets flying but I don't really know how to make
sure they are being marked correctly. I must assume that ALL packets on
ports 65436 and 50000-510000 are being marked because they are being
shaped. Just not sure why incoming packets are being marked and
shaped. Outbound shaping is working just fine.
>2) Since 1:26 is htb default, why is it necessary to '--set-mark 26'?
>
>
>
I thought it was necessary.
>gypsy
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
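
Added example, not part of the original message: one way to check whether the MYSHAPER-OUT rules quoted above are matching is to read the per-rule packet counters that iptables keeps. The counter listing embedded below is constructed sample data, the function name mark_hits is hypothetical, and the parser assumes the plain "MARK set 0x.." target text in the listing.

```bash
#!/bin/bash
# Per-rule hit counters for the MARK rules in the MYSHAPER-OUT chain.
# On a live box the input would come from:
#   iptables -t mangle -L MYSHAPER-OUT -v -n -x
# (-v shows counters, -n skips DNS lookups, -x prints exact numbers).

# Constructed sample of that listing, so the example runs offline.
SAMPLE_COUNTERS='Chain MYSHAPER-OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1520  2188800 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:65436 MARK set 0x14
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:50000:51000 MARK set 0x14
     310    24800 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK match 0x0 MARK set 0x1a'

# Reads the listing on stdin and prints one line per MARK rule:
#   <rule number> <mark in decimal> <packets> <bytes>
# Decimal marks line up with the --set-mark values (0x14 = 20, 0x1a = 26).
mark_hits() {
    awk '$3 == "MARK" && $1 ~ /^[0-9]+$/ {
             n++
             # the mark value is the field right after the last "set"
             for (i = NF; i > 3; i--)
                 if ($(i-1) == "set") { print n, $i, $1, $2; break }
         }' |
    while read -r rule hex pkts bytes; do
        echo "$rule $(($hex)) $pkts $bytes"
    done
}

printf '%s\n' "$SAMPLE_COUNTERS" | mark_hits
```

A rule whose packet count stays at 0 while a transfer is running is not matching that traffic; the tc side can then be compared using the 'tc -s class ls dev eth0' command already mentioned above.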