From: Martin Josefsson <gandalf@wlug.westbo.se>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] newbie question - how to downgrade ftp-data traffic
Date: Sat, 19 Jan 2002 20:13:31 +0000 [thread overview]
Message-ID: <marc-lartc-101147349717033@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101134351014385@msgid-missing>
On Fri, 18 Jan 2002, Troy Rockwood wrote:
[snip]
> Actually, I checked it with tcpdump (ethereal) and nobody was using
> passive mode. I'm fine if some people that use ftp accidentally get
> higher priority (by using passive), it's just when the ftp traffic
> drowns out everything else that the problem is. At present that means
> ftp-data (port 20) traffic. Thanks for the reply though I may have to
> be more clever in the future if passive is used predominantly.
There is a new match in iptables that you could use. It is a match that's
capable of mathing which conntrack helper a related connection belongs to.
so if you load ip_conntrack_ftp then you can do something like this:
iptables -A FORWARD -m helper --helper ftp -j MARK --set-mark 2
then all packet belonging to ftp connection (both the packets in the
ftp-command connection and all packets in the related data
connections) will have a fwmark of 2. this works for both passive and
active ftp.
You'll find this helper match in the iptables patch-o-matic (either from
cvs or download iptables 1.2.5)
/Martin
Never argue with an idiot. They drag you down to their level, then beat you with experience.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
prev parent reply other threads:[~2002-01-19 20:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-18 8:39 [LARTC] newbie question - how to downgrade ftp-data traffic Troy Rockwood
2002-01-18 13:13 ` DLG
2002-01-18 16:32 ` Troy Rockwood
2002-01-19 20:13 ` Martin Josefsson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-101147349717033@msgid-missing \
--to=gandalf@wlug.westbo.se \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.