Re: shaping outbound ftp traffic on 1 nic not working properly

Linux Advanced Routing and Traffic Control

On Fri, 2004-10-08 at 06:15, nix4me@xxxxxxxxxx wrote:
> >Theory is.. You can only shape outbound traffic.
> Inbound is via tcp windowshaping etc..
In Linux or LARTC IIRC, it's called ingress filtering. There's also
GRED/RED etc.. but based on what I've read, it's all about dropping
packets.

TCP windowshaping, although it's built into TCP architecture, and there
is a /proc entry for it, I still don't see its effects. (or rather, I
don't know how to measure it)

> 
> In theory yes, but it is shaping inbound transfers to my server.
You're not doing any other sort of Ingress filters are you??


> >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
> >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
> >> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
> 
> >Why do you care about destination port? 
> >AFAIK, it shouldn't affect your wants since you're not filtering on
> >incoming traffic
> 
> I don't care about destination port.  That line was commented.  BUT, incoming transfers are being shaped for some reason.
Could this be shaping on the ISP side?? What happens when the tc rules
are shut off??

> Is there something I can change to make it not limit uploads to my server?
> #!/bin/bash
> #shaping passive ftp traffic
> 
> # mark the outbound passive ftp packets on ports 50000-51000
> iptables -t mangle -D POSTROUTING -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
> 
> iptables -t mangle -N MYSHAPER-OUT
> iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT
> 
> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
[SNIP]

Can you determine what ports are being used for inbound data transfers?
What makes you select those ports you defined as the outbound??

-- 
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive 
Neuromancer 13:56:23 up 4:48, 7 users, load average: 0.32, 0.59, 0.50 
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
