All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] How can  I do traffic shapping for passive ftp ?
@ 2007-01-08 20:25 Sébastien CRAMATTE
  2007-01-09  7:32 ` Nikolay Kichukov
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Sébastien CRAMATTE @ 2007-01-08 20:25 UTC (permalink / raw)
  To: lartc

Hello

I've setuped a bridge with  iptables + layer + ipp2p + tc
I don't know  how to shape  passive ftp ?

If I put rules on port  20, 21 or using layer 7  iptables accounting
still empty ...
When I done a tcpdump I can see that othe port than 20 or 21 are used ...

Any Ideas of how I can achieve this ?

Regards
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [LARTC] How can  I do traffic shapping for passive ftp ?
  2007-01-08 20:25 [LARTC] How can I do traffic shapping for passive ftp ? Sébastien CRAMATTE
@ 2007-01-09  7:32 ` Nikolay Kichukov
  2007-01-09  8:14 ` Kajetan Staszkiewicz
  2007-01-09  9:41 ` Sébastien CRAMATTE
  2 siblings, 0 replies; 4+ messages in thread
From: Nikolay Kichukov @ 2007-01-09  7:32 UTC (permalink / raw)
  To: lartc

Hello Sebastien,
If you are configuring the server side(where the ftpd is running) then 
you can tell the ftpd which ports to use for those passive connections 
in its configuration file.

Then you can apply your rules on those ports ;-)

HTH,
-nik

Sébastien CRAMATTE wrote:
> Hello
> 
> I've setuped a bridge with  iptables + layer + ipp2p + tc
> I don't know  how to shape  passive ftp ?
> 
> If I put rules on port  20, 21 or using layer 7  iptables accounting
> still empty ...
> When I done a tcpdump I can see that othe port than 20 or 21 are used ...
> 
> Any Ideas of how I can achieve this ?
> 
> Regards
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [LARTC] How can  I do traffic shapping for passive ftp ?
  2007-01-08 20:25 [LARTC] How can I do traffic shapping for passive ftp ? Sébastien CRAMATTE
  2007-01-09  7:32 ` Nikolay Kichukov
@ 2007-01-09  8:14 ` Kajetan Staszkiewicz
  2007-01-09  9:41 ` Sébastien CRAMATTE
  2 siblings, 0 replies; 4+ messages in thread
From: Kajetan Staszkiewicz @ 2007-01-09  8:14 UTC (permalink / raw)
  To: lartc

Dnia poniedzia³ek, 8 stycznia 2007 21:25, Sébastien CRAMATTE napisa³(a): 

> Hello
>
> I've setuped a bridge with  iptables + layer + ipp2p + tc
> I don't know  how to shape  passive ftp ?
>
> If I put rules on port  20, 21 or using layer 7  iptables accounting
> still empty ...
> When I done a tcpdump I can see that othe port than 20 or 21 are used ...

Use ip_nat_ftp and ip_conntrack_ftp modules. Then mark ftp traffic with helper 
match.

example:
iptables -t mangle -A FORWARD -m helper --helper ftp -j MARK --set-mark 0x03


-- 
| pozdrawiam / greetings | powered by Trustix, Gentoo and FreeBSD   |
|  Kajetan Staszkiewicz  | jabber,email,www: vegeta()tuxpowered net |
|        Vegeta          | IMQ devnames: http://tuxpowered.net      |
`------------------------^------------------------------------------'
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [LARTC] How can  I do traffic shapping for passive ftp ?
  2007-01-08 20:25 [LARTC] How can I do traffic shapping for passive ftp ? Sébastien CRAMATTE
  2007-01-09  7:32 ` Nikolay Kichukov
  2007-01-09  8:14 ` Kajetan Staszkiewicz
@ 2007-01-09  9:41 ` Sébastien CRAMATTE
  2 siblings, 0 replies; 4+ messages in thread
From: Sébastien CRAMATTE @ 2007-01-09  9:41 UTC (permalink / raw)
  To: lartc

Kajetan Staszkiewicz a écrit :
> Dnia poniedzia³ek, 8 stycznia 2007 21:25, Sébastien CRAMATTE napisa³(a): 
>
>   
>> Hello
>>
>> I've setuped a bridge with  iptables + layer + ipp2p + tc
>> I don't know  how to shape  passive ftp ?
>>
>> If I put rules on port  20, 21 or using layer 7  iptables accounting
>> still empty ...
>> When I done a tcpdump I can see that othe port than 20 or 21 are used ...
>>     
>
> Use ip_nat_ftp and ip_conntrack_ftp modules. Then mark ftp traffic with helper 
> match.
>
> example:
> iptables -t mangle -A FORWARD -m helper --helper ftp -j MARK --set-mark 0x03
>
>
>   
I haven't specifiy that I don't use NAT.  I use this QoS manager for a
very small ISP and I can't control ftp server
Upgrading Layer7 protocols seems thas is ok ...

Regards
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-01-09  9:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-01-08 20:25 [LARTC] How can I do traffic shapping for passive ftp ? Sébastien CRAMATTE
2007-01-09  7:32 ` Nikolay Kichukov
2007-01-09  8:14 ` Kajetan Staszkiewicz
2007-01-09  9:41 ` Sébastien CRAMATTE

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.