<mjoachimiak@poczta.onet.pl>
2003-Jan-23 00:47 UTC
Re: marking and shaping outbound passive ftp traffic
OK nix. I have problems in my network thats why it has been so long. I dont guarantee this script works but it''s written exactly as mine but the difference is in marking packets for shaper. Try it. I will not test it because I have problems with my server ...sorry. If you want you can give me access to your server so i can apply this script in case of any errors. Good luck. ---------------------------------------------------------------------------- --------------- #eth0 goes to the world iptables -t mangle -X MYSHAPER-OUT iptables -t mangle -N MYSHAPER-OUT iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:60000 -j MARK --set-mark 3 #My concept is that averything goes to default class but outbound ftp goes to limited class #del any previous root tc qdisc del root dev eth0 #add root qdisc tc qdisc add dev eth0 root handle 2:0 htb r2q 10 default 4 #main class tc class add dev eth0 parent 2:0 classid 2:1 htb rate 512kbit ceil 512kbit #defining default class #guaranted rate is 320kbps for default traffic tc class add dev eth0 parent 2:1 classid 2:4 htb rate 320kbit ceil 512kbit tc class add dev eth0 parent 2:1 classid 2:2 htb rate 200kbit ceil 300kbit tc qdisc add dev eth0 parent 2:2 handle 3:1 sfq perturb 10 #filtering by mark tc filter add dev eth0 protocol ip preference 1 parent 2:0 handle 3 fw flowid 2:3 ---------------------------------------------------------------------------- ---------------> Will the following rules work to mark and shape OUTBOUND ftp speed > (passive ftp ports 50000-60000) on my linux server? > I want to be able to run these commands on the actual computer that is > running the ftp server. > > > iptables -t mangle -N MYSHAPER-OUT > iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT > iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 50000:60000 -j MARK > --set-mark 1 > tc class add dev eth0 mark 1 htb rate 10 kbit > > I tried it but the tc line fails with "Error: Qdisc "mark" is classless." > > Any help would be greatly appreciated. > > Mark > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Will the following rules work to mark and shape OUTBOUND ftp speed (passive ftp ports 50000-60000) on my linux server? I want to be able to run these commands on the actual computer that is running the ftp server. iptables -t mangle -N MYSHAPER-OUT iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 50000:60000 -j MARK --set-mark 1 tc class add dev eth0 mark 1 htb rate 10 kbit I tried it but the tc line fails with "Error: Qdisc "mark" is classless." Any help would be greatly appreciated. Mark _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 23 July 2004 02:08, nix4me wrote:> Will the following rules work to mark and shape OUTBOUND ftp speed > (passive ftp ports 50000-60000) on my linux server? > I want to be able to run these commands on the actual computer that is > running the ftp server. > > > iptables -t mangle -N MYSHAPER-OUT > iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT > iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 50000:60000 -j MARK > --set-mark 1 > tc class add dev eth0 mark 1 htb rate 10 kbit > > I tried it but the tc line fails with "Error: Qdisc "mark" is classless."See the lartc.org howto and docum.org for htb and filter examples. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/