On Monday 15 April 2002 23:15, Omar Armas wrote:
> I want to limit ftp bandwith to 128Kb. In a RH 7.2 box I have:
>
> eth0: 200.39.186.1
> eth1: 192.168.1.1
>
> I use these rules:
>
>
> tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt 1000
> tc class add dev eth0 parent 10:0 classid 10:1282 cbq bandwidth 10Mbit
> rate 128Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000
> bounded
> tc qdisc add dev eth0 parent 10:1282 sfq quantum 1514b perturb 15
> tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip
> dport 21 0xffff flowid 10:1282
>
> But users accesing ftp from 192.168.1.0/24 are allowed more that 128K,
> any idea aboout how to solve it?
Yes. You match destination 21, but this is only the command path. The data
path uses an other variable destination port (passive ftp uses port 20,
active ftp uses a variable port). So you can't match the data path.
There is a solution. There is a iptables match-patch so you can mark all
packets that belongs to a ftp-data stream. That mark can be used to put the
data in the class you want. I don't have more info, but maybe someone else
on the list can help you.
Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
