All of lore.kernel.org
 help / color / mirror / Atom feed
From: Patrick McHardy <kaber@trash.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] limit ftp bandwidth
Date: Tue, 16 Apr 2002 11:42:24 +0000	[thread overview]
Message-ID: <marc-lartc-101895741322416@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101890115314365@msgid-missing>

Stef Coene wrote:
> On Monday 15 April 2002 23:15, Omar Armas wrote:
> 
>>I want to limit ftp bandwith to 128Kb. In a RH 7.2 box I have:
>>
>>eth0: 200.39.186.1
>>eth1: 192.168.1.1
>>
>>I use these rules:
>>
>>
>>tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt 1000
>>tc class add dev eth0 parent 10:0 classid 10:1282 cbq bandwidth 10Mbit
>>rate 128Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000
>>bounded
>>tc qdisc add dev eth0 parent 10:1282 sfq quantum 1514b perturb 15
>>tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip
>>dport 21 0xffff flowid 10:1282
>>
>>But users accesing ftp from 192.168.1.0/24 are allowed more that 128K,
>>any idea aboout how to solve it?
> 
> Yes.  You match destination 21, but this is only the command path.  The data 
> path uses an other variable destination port (passive ftp uses port 20, 
> active ftp uses a variable port).  So you can't match the data path.
> 
> There is a solution.  There is a iptables match-patch so you can mark all 
> packets that belongs to a ftp-data stream.  That mark can be used to put the 
> data in the class you want.  I don't have more info, but maybe someone else 
> on the list can help you.

Just put all ftpusers in a special group and use the owner match, maybe 
in combination with -d ! 192.168.1.0/24 ..

Bye,
Patrick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

      parent reply	other threads:[~2002-04-16 11:42 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-04-15 20:05 [LARTC] limit ftp bandwidth Omar Armas
2002-04-16  8:14 ` Stef Coene
2002-04-16 11:42 ` Patrick McHardy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-101895741322416@msgid-missing \
    --to=kaber@trash.net \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.