On Monday 15 April 2002 23:15, Omar Armas wrote:
> I want to limit ftp bandwidth to 128Kb. In a RH 7.2 box I have:
>
> eth0: 200.39.186.1
> eth1: 192.168.1.1
>
> I use these rules:
>
> tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt 1000
> tc class add dev eth0 parent 10:0 classid 10:1282 cbq bandwidth 10Mbit \
>     rate 128Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000 \
>     bounded
> tc qdisc add dev eth0 parent 10:1282 sfq quantum 1514b perturb 15
> tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \
>     dport 21 0xffff flowid 10:1282
>
> But users accessing ftp from 192.168.1.0/24 are allowed more than 128K,
> any idea about how to solve it?

Yes. You match destination 21, but this is only the command path. The data
path uses another variable destination port (passive ftp uses port 20,
active ftp uses a variable port). So you can't match the data path.

There is a solution. There is an iptables match-patch so you can mark all
packets that belong to an ftp-data stream. That mark can be used to put the
data in the class you want. I don't have more info, but maybe someone else
on the list can help you.

Stef

-- 
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
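
The mark-then-classify approach suggested in the reply, sketched as an added example that is not part of the original message or of either poster's configuration. It assumes the FTP connection-tracking helper module is loaded, that iptables provides the `helper` match, and that the cbq class 10:1282 from the quoted rules already exists; the function names and the mark value 1 are arbitrary choices.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1, run) the two rules that steer
# FTP data connections into an existing tc class via a firewall mark.

# ftp_shape_rules DEV CLASSID MARK
# Prints one command per line; returns 1 on malformed arguments.
ftp_shape_rules() {
    dev=$1 classid=$2 mark=$3
    [ -n "$dev" ] || { echo "device required" >&2; return 1; }
    case $classid in
        *:*) ;;
        *) echo "classid must be major:minor" >&2; return 1 ;;
    esac
    case $mark in
        ''|*[!0-9]*|0) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    parent="${classid%%:*}:0"   # root qdisc handle, e.g. 10:0 for 10:1282

    # 1. Mark packets of connections that conntrack associates with an
    #    FTP session (the data channels, whatever port they use).
    echo "iptables -t mangle -A POSTROUTING -o $dev -m helper --helper ftp -j MARK --set-mark $mark"

    # 2. Classify on that mark with the fw filter instead of a u32 port match.
    echo "tc filter add dev $dev parent $parent protocol ip prio 100 handle $mark fw flowid $classid"
}

# ftp_shape_apply DEV CLASSID MARK
# Dry run by default; APPLY=1 executes the commands (needs root).
ftp_shape_apply() {
    rules=$(ftp_shape_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

# Values taken from the quoted message: device eth0, class 10:1282.
ftp_shape_apply eth0 10:1282 1
```

A root qdisc shapes only traffic leaving the device it is attached to, so the device argument decides which direction of the transfer is limited.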