From: Shanker Balan <shanu@exocore.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: Shaping only FTP traffic
Date: Tue, 25 Sep 2001 08:55:37 +0000 [thread overview]
Message-ID: <marc-lartc-100140813700807@msgid-missing> (raw)
Hello:
Ivan Lopez wrote,
> you just filter by ftp-data port (20) and by passive ports range (most
> ftp daemons gives you the chance to define a determinate range of
> ports to use in passive mode)
But i have no control over the FTP clients users behind my Linux router
will use. Moreover, i have full NAT for my internal network.
> i discourage you from shaping ftp control traffic (21), because of the
> annoying delay you introduce in the interactiveness of the ftp session
Ok. Will take out port 21 then.
> this is how i do it using iptables marking and fw tc filter
>
> #for matching ftp-data iptables -A OUTPUT -o $IF_EXT -p tcp --sport 20
> -j MARK 1 #for matching passive ports range that i configured in my
> ftp daemon iptables -A OUTPUT -o $IF_EXT -p tcp --sport 5000:5100 -j
> MARK 1
For this to work, all FTP clients should be configured to use only ports
between 5000 and 5100 right?
--
Emperor Palpatine:
Everything that has transpired has done so according
to my design.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
next reply other threads:[~2001-09-25 8:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-09-25 8:55 Shanker Balan [this message]
2001-09-25 10:08 ` [LARTC] Re: Shaping only FTP traffic Ivan Lopez
2001-09-25 10:49 ` Shanker Balan
2001-09-25 11:29 ` Daniel Bergqvist
2001-09-25 11:56 ` Ivan Lopez
2001-09-25 12:43 ` Shanker Balan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-100140813700807@msgid-missing \
--to=shanu@exocore.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.