From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gustin Johnson Date: Sun, 23 Dec 2007 22:51:48 +0000 Subject: Re: [LARTC] traffic not getting into class Message-Id: <476EE684.7020108@echostar.ca> List-Id: References: <20071217120952.1d06da9d.mailinglists@lucassen.org> In-Reply-To: <20071217120952.1d06da9d.mailinglists@lucassen.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 4 protocol ip u32 \ > match ip protocol 0x6 0xff \ match ip dport 21 0xffff \ classid 1:14 > # ftp-server > > This works fine, but traffic for 1:14 (ftp) never gets into 1:14. > > Is there a certain rule order in which filters must be written? As > far as I can see I haven't made any mistakes in these filters... FTP is more complicated to filter than ssh. There is a control connection and a data connection. > Anyone a hint? The following sites give some info on the ftp protocal, though there is a ton of more info if you use google. http://www.slacksite.com/other/ftp.html http://www.troubleshootingnetworks.com/ftpinfo.html As an aside, ftp services really should be replaced with one of the better alternatives. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHbuaEwRXgH3rKGfMRAq2dAJ9fYPz6yvBQPuima3sUNCt0OQpHWQCfcxHw nUC+eYmSP+0MNj+DEkyUQDkkBW -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc