similar to: refining my rules

I am currently running the following script on an internal machine to shape outbound ftp and email traffic. I am trying to move the script to my nat router (ipcop with 2 nic cards) so that it shapes the whole network and not only the outbound of 1 box. I have cable modem -> ipcop (eth1) >(eth0 - 192.168.1.1) > 192.168.1.100 and 192.168.1.101. The scripts works great running on

Hi, I am using the following script to limit my outbound traffic. This scipt runs on a box behind my firewall. It limits my outbound passive ftp traffic to 39K perfectly....just like i want. However, i just noticed that it is also limiting uploads coming to my server. Is there something I can change to make it not limit uploads to my server? #!/bin/bash #shaping passive ftp traffic # mark the

I am trying to mark outbound passive ftp traffic with iptables and shape it to 35KBytes. I am using the following script on the computer that runs the ftp server. It is not working correctly, it seems to limit ALL traffic. Cant file share or anything. Anyone might know what is wrong? It seems that I might need to add a ''lan limit'' so all traffic that is not marked still

Hi, I am currently using a script to shape my outbound ftp traffic. Works great except for 1 thing. When a user goes to list a dir, the listing is also getting shaped. This causes dir listings to be very slow. Is there a way to differentiate the dir listing packets? Here is a my current script: #!/bin/bash #shaping passive and active outbound ftp traffic on an internal computer without

>Theory is.. You can only shape outbound traffic. Inbound is via tcp windowshaping etc.. In theory yes, but it is shaping inbound transfers to my server. >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20 >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20 >> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0

>In theory yes, but it is shaping inbound transfers to my server. >YOu''re not doing any other sort of Ingress filters are you?? No >I dont care about destination port. That line was commented. BUT, incoming transfers are being shaped for some reason. >Could this be shaping on the ISP side?? What >happens when the tc rules >are shut off?? No, everything works fine

Hi, I just wanted to share my script with the list. I have been trying to shape outbound passive and active ftp traffic without affecting inbound and lan transfers. I have tried to do this for a long time and it seems that I have finally figured it out. Feel free to comment on the below script if there is anything that can be improved. It seems to work flawlessly so far. #!/bin/bash

Hello everyone, First of all, sorry for my poor english. I''ve been working with this for a few weeks and I''m getting sick... I''m trying to control the bandwith in my network using the following script. The machine where the script is running makes NAT, eth0 is connected to the router and eth1 is connected to the Lan. When I run the script it doesn''t appear any

----- Original Message ----- From: Michał Joachimiak To: lartc@mailman.ds9a.nl Sent: Tuesday, July 20, 2004 3:45 PM Subject: HTB - Really Big problem Hello everybody! Since week i dig lists and www and can''t find solution for my problem. I''m using HTB 3.13 kernel 2-4-25 smp iptables 1.2.9. I''ve got situation like this: LAN------Linux Box(routing only)------- Linux

I thought that the below email would be of interest to LARTC readers. I wasted quite a bit of time tracking down this "feature" (bug?). Any comments that shed light on this would be appreciated. In short, "tc filter" + htb + bridging works only with ip_forward off. Andrew Athan ----------------------------------------------------------------------- All: It seems that

Well it appears i have no clue what im doing. I thought i had the below script working to shape outbound ftp traffic....however, it is shaping inbound traffic too. I have NO clue why. Please comment if anyone has any ideas why this doesnt work. I want to shape only outbound ftp traffic and not inbound or lan traffic. #!/bin/bash #shaping passive and active outbound ftp traffic on an

Ok, i think i found the problem. The script below seems to be working. I need to do some testing now. Thanks for all the help in here. If anyone has any enhancements, feel free to comment please. #!/bin/bash #shaping passive ftp traffic # mark the outbound passive ftp packets on ports 50000-51000 iptables -t mangle -D POSTROUTING -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null

I wanted to post my new shaping rules which I am running on my IPCOP router. They seem to be working very well so far. Any comments to my setup would be appreciated. #!/bin/bash # clear out the chain and setup a new chain iptables -t mangle -D OUTPUT -o eth1 -j BW-OUT 2> /dev/null > /dev/null iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null iptables -t mangle -X BW-OUT 2>

Hi, I am using the following script to limit my outbound traffic. This scipt runs on a box behind my firewall. It limits my outbound passive ftp traffic to 39K perfectly....just like i want. However, i just noticed that it is also limiting uploads coming to my server. Is there something I can change to make it not limit uploads to my server? #!/bin/bash #shaping passive ftp traffic #

Hi, I am using the following script to limit my outbound traffic. This scipt runs on a box behind my firewall. It limits my outbound passive ftp traffic to 39K perfectly....just like i want. However, i just noticed that it is also limiting uploads coming to my server. Is there something I can change to make it not limit uploads to my server? #!/bin/bash #shaping passive ftp traffic #

Hello again, First, excuse me for my poor english. I''m trying now to make bandwith control in a firewall machine running Shorewall. This machine is also a bridge using bridge-utils bridge-utils-devel. It is a mandrake 10. The configuration is something like this: FTP/Webserver ------| eth0 eth1 Mailserver

Hello again, First, excuse me for my poor english. I''m trying now to make bandwith control in a firewall machine running Shorewall. This machine is also a bridge using bridge-utils bridge-utils-devel. It is a mandrake 10. The configuration is something like this: FTP/Webserver ------| eth0 eth1 Mailserver

I am trying to mark outbound passive ftp traffic with iptables and shape it to 35KBytes. I am using the following script on the computer that runs the ftp server. It is not working correctly, it seems to limit ALL traffic. Cant file share or anything. Anyone might know what is wrong? #!/bin/bash #shaping passive ftp traffic # mark the outbound passive ftp packets on ports 50000-51000

Hi, I''ve read ADSL-Bandwidth-Management-HOWTO http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/implementation.htm l#AEN166 and I''ve a doubt from script: [ ... ] # DNS name resolution (small packets) iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21 [ ... ] That is a bug ? I think that " DNS name resolution (small packets) " is better

Hi folks, I have a strange situation. When I add branches to the tree, everything goes to the default class. The error might be obvious, but I cannot find it. I would really appreciate your help. this works, nothing goes to "1:9999": ############################################################################# /sbin/iptables -F -t mangle /sbin/tc qdisc del dev eth1 root >