Hello

I've set up a bridge with iptables + layer + ipp2p + tc.
I don't know how to shape passive ftp?

If I put rules on port 20, 21 or using layer 7, iptables accounting is still empty ...
When I did a tcpdump I could see that ports other than 20 or 21 are used ...

Any ideas of how I can achieve this?

Regards
Nikolay Kichukov
2007-Jan-09 07:32 UTC
Re: How can I do traffic shaping for passive ftp ?

Hello Sebastien,

If you are configuring the server side (where the ftpd is running), then you can tell the ftpd which ports to use for those passive connections in its configuration file. Then you can apply your rules on those ports ;-)

HTH,
-nik

Sébastien CRAMATTE wrote:
> Hello
>
> I've set up a bridge with iptables + layer + ipp2p + tc.
> I don't know how to shape passive ftp?
>
> If I put rules on port 20, 21 or using layer 7, iptables accounting
> is still empty ...
> When I did a tcpdump I could see that ports other than 20 or 21 are used ...
>
> Any ideas of how I can achieve this?
>
> Regards
Kajetan Staszkiewicz
2007-Jan-09 08:14 UTC
Re: How can I do traffic shaping for passive ftp ?

On Monday, 8 January 2007 21:25, Sébastien CRAMATTE wrote:
> Hello
>
> I've set up a bridge with iptables + layer + ipp2p + tc.
> I don't know how to shape passive ftp?
>
> If I put rules on port 20, 21 or using layer 7, iptables accounting
> is still empty ...
> When I did a tcpdump I could see that ports other than 20 or 21 are used ...

Use the ip_nat_ftp and ip_conntrack_ftp modules. Then mark ftp traffic with the helper match.

example:

    iptables -t mangle -A FORWARD -m helper --helper ftp -j MARK --set-mark 0x03

--
| pozdrawiam / greetings | powered by Trustix, Gentoo and FreeBSD   |
|  Kajetan Staszkiewicz  | jabber,email,www: vegeta()tuxpowered net |
|        Vegeta          | IMQ devnames: http://tuxpowered.net      |
`------------------------^------------------------------------------'
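The following Python sketch is an added example, not part of the original thread and not the kernel module's code. It shows in simplified form why rules on ports 20 and 21 never match passive data connections and what an FTP connection-tracking helper does instead: it reads the server's PASV (227) or EPSV (229) reply on the control connection and treats the announced endpoint as related traffic. The function names, addresses (192.0.2.0/24 documentation range) and sample replies are constructed for illustration.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)"; data port = p1*256 + p2.
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: "229 ... (|||port|)"; data goes to the server's own address.
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def expected_data_endpoint(reply, server_ip):
    """Return the (ip, port) a server reply announces, or None if not PASV/EPSV."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed byte value: ignore rather than guess
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(2)) <= 65535:
        return server_ip, int(m.group(2))
    return None


def classify(flows, control_replies, server_ip):
    """Label each (dst_ip, dst_port) flow as control, related data, or other."""
    expected = {ep for r in control_replies
                if (ep := expected_data_endpoint(r, server_ip))}
    labels = {}
    for dst in flows:
        if dst == (server_ip, 21):
            labels[dst] = "ftp-control"
        elif dst in expected:
            labels[dst] = "ftp-data"  # the traffic a helper-based rule can mark
        else:
            labels[dst] = "other"
    return labels


# Constructed sample: server replies seen on the port-21 control connection.
REPLIES = ["220 ready", "227 Entering Passive Mode (192,0,2,10,195,80)",
           "229 Entering Extended Passive Mode (|||50123|)"]
# Constructed sample: client-to-server flows observed on the bridge.
FLOWS = [("192.0.2.10", 21), ("192.0.2.10", 50000),
         ("192.0.2.10", 50123), ("192.0.2.10", 443)]

if __name__ == "__main__":
    for dst, label in classify(FLOWS, REPLIES, "192.0.2.10").items():
        print(dst, label)
```

Because the data port is chosen per transfer and only announced inside the control connection, a static port list cannot track it unless the server's passive port range is fixed in its configuration.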
Sébastien CRAMATTE
2007-Jan-09 09:41 UTC
Re: How can I do traffic shaping for passive ftp ?

Kajetan Staszkiewicz wrote:
> On Monday, 8 January 2007 21:25, Sébastien CRAMATTE wrote:
>
>> Hello
>>
>> I've set up a bridge with iptables + layer + ipp2p + tc.
>> I don't know how to shape passive ftp?
>>
>> If I put rules on port 20, 21 or using layer 7, iptables accounting
>> is still empty ...
>> When I did a tcpdump I could see that ports other than 20 or 21 are used ...
>
> Use the ip_nat_ftp and ip_conntrack_ftp modules. Then mark ftp traffic with the helper
> match.
>
> example:
> iptables -t mangle -A FORWARD -m helper --helper ftp -j MARK --set-mark 0x03

I hadn't specified that I don't use NAT.
I use this QoS manager for a very small ISP and I can't control the ftp server.

Upgrading the Layer7 protocols seems to be OK ...

Regards