From mboxrd@z Thu Jan 1 00:00:00 1970
From: Shanker Balan
Date: Tue, 25 Sep 2001 08:55:37 +0000
Subject: [LARTC] Re: Shaping only FTP traffic
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hello:

Ivan Lopez wrote,

> you just filter by ftp-data port (20) and by passive ports range (most
> ftp daemons gives you the chance to define a determinate range of
> ports to use in passive mode)

But I have no control over the FTP clients users behind my Linux router
will use. Moreover, I have full NAT for my internal network.

> i discourage you from shaping ftp control traffic (21), because of the
> annoying delay you introduce in the interactiveness of the ftp session

Ok. Will take out port 21 then.

> this is how i do it using iptables marking and fw tc filter
>
> #for matching ftp-data
> iptables -t mangle -A OUTPUT -o $IF_EXT -p tcp --sport 20 -j MARK --set-mark 1
> #for matching passive ports range that i configured in my ftp daemon
> iptables -t mangle -A OUTPUT -o $IF_EXT -p tcp --sport 5000:5100 -j MARK --set-mark 1

For this to work, all FTP clients should be configured to use only ports
between 5000 and 5100, right?

-- 
Emperor Palpatine: Everything that has transpired has done so according
to my design.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/2.4Routing/
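
The "iptables marking and fw tc filter" approach from the quoted text, written out end to end as an added example; it is not part of either poster's message. The interface default, the rates and the HTB class layout are assumptions, the rules belong on the FTP server host whose daemon uses the 5000:5100 passive range, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: mark FTP data in the mangle table, then let a tc "fw"
# filter steer the marked packets into a rate-limited class.
# Dry run by default; APPLY=1 executes the commands (needs root).
IF_EXT="${IF_EXT:-eth0}"               # assumed external interface
PASV_RANGE="${PASV_RANGE:-5000:5100}"  # passive range from the message
LINK_RATE="${LINK_RATE:-1mbit}"        # assumed uplink rate
FTP_RATE="${FTP_RATE:-256kbit}"        # assumed cap for FTP data
REST_RATE="${REST_RATE:-768kbit}"      # assumed guarantee for everything else
MARK=1                                 # mark value used in the message

run() {
    # Print the command in dry-run mode, execute it when APPLY=1.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

mark_ftp_data() {
    # The MARK target is only valid in the mangle table and takes --set-mark.
    # Port 21 (control) is deliberately left unmarked, as the thread advises.
    run iptables -t mangle -A OUTPUT -o "$IF_EXT" -p tcp --sport 20 \
        -j MARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -o "$IF_EXT" -p tcp --sport "$PASV_RANGE" \
        -j MARK --set-mark "$MARK"
}

shape_marked() {
    # HTB tree: 1:10 holds marked FTP data, 1:20 is the default class.
    run tc qdisc add dev "$IF_EXT" root handle 1: htb default 20
    run tc class add dev "$IF_EXT" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$IF_EXT" parent 1:1 classid 1:10 htb \
        rate "$FTP_RATE" ceil "$FTP_RATE"
    run tc class add dev "$IF_EXT" parent 1:1 classid 1:20 htb \
        rate "$REST_RATE" ceil "$LINK_RATE"
    # fw classifier: "handle N" is the firewall mark to match.
    run tc filter add dev "$IF_EXT" parent 1: protocol ip prio 1 \
        handle "$MARK" fw flowid 1:10
}

mark_ftp_data
shape_marked
```

`iptables -t mangle -L OUTPUT -v -n` and `tc -s class show dev $IF_EXT` show whether the marks and the 1:10 class are actually counting packets once the rules are applied.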