similar to: limiting outbound passive ftp

I am trying to mark outbound passive ftp traffic with iptables and shape it to 35KBytes. I am using the following script on the computer that runs the ftp server. It is not working correctly, it seems to limit ALL traffic. Cant file share or anything. Anyone might know what is wrong? #!/bin/bash #shaping passive ftp traffic # mark the outbound passive ftp packets on ports 50000-51000

Hi, I am using the following script to limit my outbound traffic. This scipt runs on a box behind my firewall. It limits my outbound passive ftp traffic to 39K perfectly....just like i want. However, i just noticed that it is also limiting uploads coming to my server. Is there something I can change to make it not limit uploads to my server? #!/bin/bash #shaping passive ftp traffic # mark the

I am trying to mark outbound passive ftp traffic with iptables and shape it to 35KBytes. I am using the following script on the computer that runs the ftp server. It is not working correctly, it seems to limit ALL traffic. Cant file share or anything. Anyone might know what is wrong? It seems that I might need to add a ''lan limit'' so all traffic that is not marked still

>In theory yes, but it is shaping inbound transfers to my server. >YOu''re not doing any other sort of Ingress filters are you?? No >I dont care about destination port. That line was commented. BUT, incoming transfers are being shaped for some reason. >Could this be shaping on the ISP side?? What >happens when the tc rules >are shut off?? No, everything works fine

>Theory is.. You can only shape outbound traffic. Inbound is via tcp windowshaping etc.. In theory yes, but it is shaping inbound transfers to my server. >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20 >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20 >> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0

Hi, I just wanted to share my script with the list. I have been trying to shape outbound passive and active ftp traffic without affecting inbound and lan transfers. I have tried to do this for a long time and it seems that I have finally figured it out. Feel free to comment on the below script if there is anything that can be improved. It seems to work flawlessly so far. #!/bin/bash

Will the following rules work to mark and shape OUTBOUND ftp speed (passive ftp ports 50000-60000) on my linux server? I want to be able to run these commands on the actual computer that is running the ftp server. iptables -t mangle -N MYSHAPER-OUT iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 50000:60000 -j MARK --set-mark 1 tc

Hi, I am using the following script to limit my outbound traffic. This scipt runs on a box behind my firewall. It limits my outbound passive ftp traffic to 39K perfectly....just like i want. However, i just noticed that it is also limiting uploads coming to my server. Is there something I can change to make it not limit uploads to my server? #!/bin/bash #shaping passive ftp traffic #

Hi, I am currently using a script to shape my outbound ftp traffic. Works great except for 1 thing. When a user goes to list a dir, the listing is also getting shaped. This causes dir listings to be very slow. Is there a way to differentiate the dir listing packets? Here is a my current script: #!/bin/bash #shaping passive and active outbound ftp traffic on an internal computer without

Ok, i think i found the problem. The script below seems to be working. I need to do some testing now. Thanks for all the help in here. If anyone has any enhancements, feel free to comment please. #!/bin/bash #shaping passive ftp traffic # mark the outbound passive ftp packets on ports 50000-51000 iptables -t mangle -D POSTROUTING -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null

I am currently running the following script on an internal machine to shape outbound ftp and email traffic. I am trying to move the script to my nat router (ipcop with 2 nic cards) so that it shapes the whole network and not only the outbound of 1 box. I have cable modem -> ipcop (eth1) >(eth0 - 192.168.1.1) > 192.168.1.100 and 192.168.1.101. The scripts works great running on

Hi, I am using the following script to limit my outbound traffic. This scipt runs on a box behind my firewall. It limits my outbound passive ftp traffic to 39K perfectly....just like i want. However, i just noticed that it is also limiting uploads coming to my server. Is there something I can change to make it not limit uploads to my server? #!/bin/bash #shaping passive ftp traffic #

Well it appears i have no clue what im doing. I thought i had the below script working to shape outbound ftp traffic....however, it is shaping inbound traffic too. I have NO clue why. Please comment if anyone has any ideas why this doesnt work. I want to shape only outbound ftp traffic and not inbound or lan traffic. #!/bin/bash #shaping passive and active outbound ftp traffic on an

Hi, I am currently using the following script to shape traffic on my linux box. I am getting ready to move the script to my linux firewall box so it shapes traffic for my home lan. I am looking to refine my rules a bit so to make bandwidth sharing a bit more efficient. Specifically I am looking to give out bound email more priority so that when a large email is sent, I want it to borrow all

Hi, I have tried unsuccesfully to limit my ftp server send speed in linux. I have an ipcop linux firewall/router with 2 nics. 1 nic (eth1) is connected to a 3mbit/384Kbit cable connection and the other (eth0) a switch. Behind it i have a suse linux box and a windows box. On the suse box i run proftpd. I need to shape my passive ftp send speed to 34KBytes because if it is maxed out at 45K

Hello, I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated constellation. It''s possible that XEN is also involved in this, but I''m not sure. What I''m trying to do is have XEN guest domains on a host, connected via a bridge into a private network. The the privileged domain attaches to this private network and acts as a NAT router to connect

Hi, I use for a customer a Linux router/firewall with 1 internal interface connected to the LAN and 3 external interfaces connected to 3 different ISP. I use a kernel 2.6.17 with a routes patch from Julian Anastasov. I mark outgoing FTP traffic for the routing. With the rules below I do not have a problem with the active/normal FTP to connect on FTP server. But the passive FTP does not pass

In my attempt to move my traffic shaping to my router from an internal box, I have come up with a new set of rules. I would appreciate any feedback the list members might have. What I am trying to do is shape my outbound bandwidth so that my que doesn''t get full. I run a ftp server 24/7, do normal email, some ssh, web surfing and some downloading. I have a cable modem with 10mbit

I am trying to control traffic in my server and a doubt came over me... My ftp server is set up in passive mode, so it will randomly choose a port to transfer data (in my case ports 50000-50100)... Is there a way of controlling this ftp traffic without marking packets? Thanks! Bye... msn: fredi_bieging@hotmail.com skype: fredibieging A mathematician is a machine for converting coffee into

-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run