Rodolfo Brasnarof wrote:
[...]
Here's what I'm using to mark ftp traffic for routing purposes, then I use the prerouting chain:

# ftp
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 20 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 20 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 21 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 21 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -m helper --helper ftp -j MARK --set-mark 1000

With the use of the ftp_conntrack helper you can match all your ftp traffic, even passive ftp.

I hope this can help you.

Hi,

Thank you, it is really what was necessary for me. :o)

Regards.
--
FRÉDÉRIC MASSOT
http://www.juliana-multimedia.com
mailto:frederic@xxxxxxxxxxxxxxxxxxxxxx
Debian GNU/Linux
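
Added example, not part of the original posts: a simplified Python model of why the helper rule is needed alongside the port 20/21 rules. It assumes the helper rule covers data connections announced on the control channel by a PORT command or a 227 reply; the function names, addresses and packets are constructed for illustration, and the `-i eth0` interface match is ignored.

```python
import re

MARK = 1000  # same mark value as the rules in the post
ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    if not (line.startswith("227 ") or line.upper().startswith("PORT ")):
        return None
    m = ADDR.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def port_rules_match(pkt):
    """The four static rules: TCP source or destination port 20 or 21."""
    return pkt["sport"] in (20, 21) or pkt["dport"] in (20, 21)

def helper_match(pkt, expected):
    """Simplified helper rule: packet belongs to an announced data connection."""
    return (pkt["dst"], pkt["dport"]) in expected or (pkt["src"], pkt["sport"]) in expected

def classify(control_lines, packets):
    """Per packet: (matched by port rules, matched by helper model, resulting mark)."""
    expected = {ep for ep in map(parse_endpoint, control_lines) if ep}
    out = []
    for p in packets:
        by_port, by_helper = port_rules_match(p), helper_match(p, expected)
        out.append((by_port, by_helper, MARK if by_port or by_helper else 0))
    return out

# Constructed sample session (documentation addresses), not captured traffic.
CONTROL = ["PORT 198,51,100,7,157,5", "227 Entering Passive Mode (192,0,2,10,195,80)"]
PACKETS = [
    {"src": "198.51.100.7", "sport": 40000, "dst": "192.0.2.10", "dport": 21},     # control
    {"src": "192.0.2.10", "sport": 20, "dst": "198.51.100.7", "dport": 40197},     # active data
    {"src": "198.51.100.7", "sport": 40001, "dst": "192.0.2.10", "dport": 50000},  # passive data
    {"src": "198.51.100.7", "sport": 40002, "dst": "192.0.2.10", "dport": 443},    # unrelated
]

if __name__ == "__main__":
    for pkt, result in zip(PACKETS, classify(CONTROL, PACKETS)):
        print(pkt["sport"], "->", pkt["dport"], result)
```

The passive data connection uses no well-known port on either side, so in this model only the helper rule marks it.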