I am using wondershaper with htb to shape my network. I want to limit only outbound ftp traffic (me uploading) from 192.168.1.101.
I am using port 21 for ftp with passive ports 50,000-60,000.
That's a large range of ports to shape, and other programs might be using them - that's a problem with passive ftp you can't easily avoid.
What else do I need to put in the config to do this? Here is my config.You can't match IP and port with the normal wondershaper script.
You also can't match NATed source IP addresses on your egress qdisc, which means any rule you setup for ports 21, 50000-60000 will apply to all machines on your LAN.
What you should probabaly do, is use iptables to mark all outbound traffic from src 192.168.1.101 on port 21, 50000-60000 with TOS 0x08 (Maximum Throughput) and then add another u32 filter into wondershaper
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 match ip tos 0x08 0xff flowid 1:30
regards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Damion de Soto - Software Engineer email: damion@xxxxxxxxxxxx SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliances web: http://www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- Free Embedded Linux Distro at http://www.snapgear.org ---
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
