I'm new to the list and to traffic shaping, however I understand the idea behind it I believe. My home computer is connected via DSL. I run an ftp server and I have a home network behind the machine so that it acts as the router/gateway for that network.

I get a lot of ftp traffic, sometimes so much that traffic from the home network is too slow to be useful. What is the easiest way to give all other traffic priority over ftp-data traffic so that it doesn't eat up all my bandwidth and starve my wife's web browsing? Here is what I have tried:

I have tried to use iptables to change the TOS bits such that traffic other than that to port 20 is given priority:

$IPTABLES -A PREROUTING -t mangle -p tcp --sport ! 20 \
  -j TOS --set-tos Minimize-Delay

or

$IPTABLES -A OUTPUT -t mangle -p tcp --sport ! 20 \
  -j TOS --set-tos Minimize-Delay

However, this does not seem to have the desired effect (I have looked at the packets with ethereal (tcpdump with a GUI)) but the TOS bits do not seem to be affected in either case.

I also tried using queuing:

tc qdisc add dev eth0 root handle 1: prio
tc qdisc add dev eth0 parent 1:1 handle 10: sfq
tc qdisc add dev eth0 parent 1:2 handle 20: sfq
tc qdisc add dev eth0 parent 1:3 handle 30: sfq
tc filter add dev eth0 protocol ip parent 1: prio 0 u32 match ip dport 119 0xffff flowid 1:1

I get limited success with this approach. In this test I gave nntp (internet news) traffic (port 119) priority, but if I try something like:

tc filter add dev eth0 protocol ip parent 1: prio 2 u32 match ip sport 20 0xffff flowid 1:2

This does not seem to move ftp-data packets into the lowest priority bin. I'm not sure what syntax to use to move all BUT ftp-data packets to the high priority bin or how to move only ftp-data packets into the lower priority bin.

This is probably something stupid and easy but it's not clear to me right now. Any help would be greatly appreciated. What I'm looking for is the simplest way to give other traffic higher priority than the traffic to/from the ftp-data port (20). Thanks in advance and thanks for your patience.

====
Troy Rockwood - troyrock@rocketmail.com

I have made this letter longer than usual because I lack the time to make it shorter. -- Blaise Pascal

On Fri, Jan 18, 2002 at 12:39:58AM -0800, Troy Rockwood wrote:
> I'm new to the list and to traffic shaping, however I understand the
> idea behind it I believe. My home computer is connected via DSL. I
> run an ftp server and I have a home network behind the machine so that
> it acts as the router/gateway for that network.
> I get a lot of ftp traffic, sometimes so much that traffic from the
> home network is too slow to be useful. What is the easiest way to give
> all other traffic priority over ftp-data traffic so that it doesn't eat
> up all my bandwidth and starve my wife's web browsing? Here is what I
> have tried:
>
> I have tried to use iptables to change the TOS bits such that traffic
> other than that to port 20 is given priority:
>
> [some commands deleted]
> This does not seem to move ftp-data packets into the lowest priority
> bin. I'm not sure what syntax to use to move all BUT ftp-data packets
> to the high priority bin or how to move only ftp-data packets into the
> lower priority bin.
>
> This is probably something stupid and easy but it's not clear to me
> right now. Any help would be greatly appreciated. What I'm looking
> for is the simplest way to give other traffic higher priority than the
> traffic to/from the ftp-data port (20). Thanks in advance and thanks
> for your patience.
>

Depending on the ftp mode clients use, data-port may not be the port 20. In passive mode, the client chooses himself the data port. Maybe it is your case.

> ====
> Troy Rockwood - troyrock@rocketmail.com
>

--
Michael Strauss

Troy Rockwood
2002-Jan-18 16:32 UTC
Re: newbie question - how to downgrade ftp-data traffic
--- DLG <lartc@duen.org> wrote:
> On Fri, Jan 18, 2002 at 12:39:58AM -0800, Troy Rockwood wrote:
> > My home computer is connected via DSL. I
> > run an ftp server and I have a home network behind the machine so that
> > it acts as the router/gateway for that network.
> > I get a lot of ftp traffic, sometimes so much that traffic from the
> > home network is too slow to be useful. What is the easiest way to give
> > all other traffic priority over ftp-data traffic so that it doesn't eat
> > up all my bandwidth and starve my wife's web browsing?
> > Any help would be greatly appreciated. What I'm looking
> > for is the simplest way to give other traffic higher priority than the
> > traffic to/from the ftp-data port (20). Thanks in advance and thanks
> > for your patience.
> >
>
> Depending on the ftp mode clients use, data-port may not be the port 20.
> In passive mode, the client chooses himself the data port.
> Maybe it is your case.

Actually, I checked it with tcpdump (ethereal) and nobody was using passive mode. I'm fine if some people that use ftp accidentally get higher priority (by using passive), it's just when the ftp traffic drowns out everything else that the problem is. At present that means ftp-data (port 20) traffic. Thanks for the reply though I may have to be more clever in the future if passive is used predominantly.

> --
> Michael Strauss
>

====
Troy Rockwood - troyrock@rocketmail.com

Martin Josefsson
2002-Jan-19 20:13 UTC
Re: newbie question - how to downgrade ftp-data traffic
On Fri, 18 Jan 2002, Troy Rockwood wrote:

[snip]
> Actually, I checked it with tcpdump (ethereal) and nobody was using
> passive mode. I'm fine if some people that use ftp accidentally get
> higher priority (by using passive), it's just when the ftp traffic
> drowns out everything else that the problem is. At present that means
> ftp-data (port 20) traffic. Thanks for the reply though I may have to
> be more clever in the future if passive is used predominantly.

There is a new match in iptables that you could use. It is a match that's capable of matching which conntrack helper a related connection belongs to. So if you load ip_conntrack_ftp then you can do something like this:

iptables -t mangle -A FORWARD -m helper --helper ftp -j MARK --set-mark 2

Then all packets belonging to the ftp connection (both the packets in the ftp-command connection and all packets in the related data connections) will have a fwmark of 2. This works for both passive and active ftp.

You'll find this helper match in the iptables patch-o-matic (either from cvs or download iptables 1.2.5).

/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.
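
The thread stops before showing how the fwmark reaches the queue. The following is an added example, not code from any of the posters: it combines Martin's helper match with the prio/sfq layout from the first message by using tc's `fw` classifier to send marked packets to band 1:3. The interface (eth0) and mark (2) are the thread's values; the function name `ftp_lowprio_rules` is hypothetical, and the script only prints the commands so they can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Added example: print (not run) the rules that push FTP into the lowest
# prio band. Usage: ftp_lowprio_rules DEV MARK | sh   (as root, after review)
ftp_lowprio_rules() {
    dev=$1    # egress interface; eth0 in the thread
    mark=$2   # fwmark set on FTP packets; 2 in Martin's reply

    # Reject anything that is not a plain interface name or decimal mark,
    # since both values end up inside commands executed as root.
    case $dev in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $dev" >&2; return 1 ;;
    esac
    case $mark in
        ''|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;;
    esac

    cat <<EOF
# FTP conntrack helper (named nf_conntrack_ftp on current kernels)
modprobe ip_conntrack_ftp
# MARK is only valid in the mangle table. OUTPUT covers an ftp server
# running on the gateway itself, FORWARD covers FTP routed through it.
iptables -t mangle -A OUTPUT -o $dev -m helper --helper ftp -j MARK --set-mark $mark
iptables -t mangle -A FORWARD -o $dev -m helper --helper ftp -j MARK --set-mark $mark
# Three-band prio qdisc with sfq leaves, as in the first message
tc qdisc add dev $dev root handle 1: prio
tc qdisc add dev $dev parent 1:1 handle 10: sfq
tc qdisc add dev $dev parent 1:2 handle 20: sfq
tc qdisc add dev $dev parent 1:3 handle 30: sfq
# Marked (FTP) packets go to band 1:3; unmarked traffic keeps the default
# priomap, which uses bands 1:1 and 1:2 for interactive and normal traffic.
tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid 1:3
EOF
}

# Defaults are the thread's values.
ftp_lowprio_rules "${1:-eth0}" "${2:-2}"
```

Because the helper match follows conntrack's RELATED tracking, the same rules cover passive-mode data connections, which the port-20 `u32` filter cannot see.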