All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ivan Lopez <ivan@askai.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Shaping only FTP traffic
Date: Tue, 25 Sep 2001 08:13:13 +0000	[thread overview]
Message-ID: <marc-lartc-100140561925298@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100139328727238@msgid-missing>

On Sep/25/2001, Shanker Balan wrote:

> Hello:

hi!

> I am a bit unclear on shaping FTP traffic only. How do i do it?

you just filter by ftp-data port (20) and by passive ports range (most ftp daemons gives you the chance to define a determinate range of ports to use in passive mode)

i discourage you from shaping ftp control traffic (21), because of the annoying delay you introduce in the interactiveness of the ftp session

> This is what i currently have:
>
> # classid 1:100 is a 200Kbit limiter
> # filter for matching "ftp-data" (0x14) and "ftp" (0x15) ports
> $TC filter add dev eth1 parent 1:0 protocol ip prio 9 u32 match ip \
> sport 0x14 0xffff flowid 1:100
> $TC filter add dev eth1 parent 1:0 protocol ip prio 8 u32 match ip \
> sport 0x15 0xffff flowid 1:100
>
> This does not seem to work. Can anyone provide me with a filter for
> catching active and passive FTP connects?

this is how i do it using iptables marking and fw tc filter

#for matching ftp-data
iptables -A OUTPUT -o $IF_EXT -p tcp --sport 20 -j MARK 1
#for matching passive ports range that i configured in my ftp daemon
iptables -A OUTPUT -o $IF_EXT -p tcp --sport 5000:5100 -j MARK 1

#and now the tc filters using fw
tc filter add dev $IF_EXT parent 1:0 protocol ip prio 1 handle 1 fw classid 1:100

> Thank you for your time.

ivan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

      reply	other threads:[~2001-09-25  8:13 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-09-25  4:48 [LARTC] Shaping only FTP traffic Shanker Balan
2001-09-25  8:13 ` Ivan Lopez [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-100140561925298@msgid-missing \
    --to=ivan@askai.net \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.