From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?ISO-8859-1?Q?Kert=E9sz?= Viktor <kviktor@i-trade.hu>
Date: Mon, 10 Mar 2003 13:01:34 +0000
Subject: Re: [LARTC] htb parameter problem
Message-Id: <marc-lartc-104730136723181@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-104701906522033@msgid-missing>
In-Reply-To: <marc-lartc-104701906522033@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

> 
> iptables -t mangle -A FORWARD -p tcp -o eth0 -s 0/0 --dport ftp -d 0/0 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -p tcp -i eth0 -s 0/0 --dport ftp -d 0/0 -j MARK --set-mark 2
> iptables -t mangle -A FORWARD -p tcp -o eth0 -s 0/0 --dport ftp-data -d 0/0 -j MARK --set-mark 7
> iptables -t mangle -A PREROUTING -p tcp -i eth0 -s 0/0 --dport ftp-data -d 0/0 -j MARK --set-mark 7
> iptables -t mangle -A FORWARD -p tcp -o eth0 -s 0/0 --dport http -d 0/0 -j MARK --set-mark 5

instead of --dport ftp-data/ftp use -m helper --helper "ftp". Match for 
port does not work because of the nature of ftp. (passive mode) This can
be tricky.

Viktor

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/