RE: traffic not getting into class

Linux Advanced Routing and Traffic Control

Wouldn't it depend on if you are using passive FTP or not?

http://www.slacksite.com/other/ftp.html 


Shane McKinley
Habersham EMC

-----Original Message-----
From: richard lucassen [mailto:mailinglists@xxxxxxxxxxxx] 
Sent: Monday, December 17, 2007 6:10 AM
To: lartc@xxxxxxxxxxxxxxx
Subject:  traffic not getting into class

Hello list,

I have these sorts of filters, putting traffic into the appropriate
classid (1:15 is the default class):

  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 0x6 0xff \
    match ip sport 22 0xffff \
    classid 1:11 # ssh

  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 0x6 0xff \
    match ip dport 22 0xffff \
    classid 1:11 # ssh

[and a few more 1:11 filters]

  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 0x11 0xff \
    match ip sport 123 0xffff \
    classid 1:11 # return packets NTP

  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 0x06 0xff \
    match u8 0x05 0x0f at 0 \
    match u8 0x10 0xff at 33 \
    match u16 0x000 0xffc0 at 2 \
    classid 1:11 # ACK's

  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 2 protocol ip u32 \
    match ip protocol 0x6 0xff \
    match ip dport 80 0xffff \
    classid 1:12 # Webserver

  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 3 protocol ip u32 \
    match ip protocol 0x6 0xff \
    match ip sport 443 0xffff \
    classid 1:13 # webmail server
    
  ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 4 protocol ip u32 \
    match ip protocol 0x6 0xff \
    match ip dport 21 0xffff \
    classid 1:14 # ftp-server

This works fine, but traffic for 1:14 (ftp) never gets into 1:14.

Is there a certain rule order in which filters must be written? As far
as I can see I haven't made any mistakes in these filters...

Anyone a hint?

R.

--
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak aloud
and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
+------------------------------------------------------------------+
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
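
An added example, not part of the thread or of anyone's posted code: a small Python model of the quoted u32 filters, run against constructed packets, to illustrate the reply's point that FTP data connections do not use port 21 in either mode. The addresses and the ports 40000, 40001 and 50000 are constructed, and filter evaluation is simplified to first match in ascending prio.

```python
import struct

def tcp_packet(sport, dport, flags=0x18, payload=b""):
    """Constructed IPv4+TCP packet (IHL=5, no TCP options, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, flags, 65535, 0, 0)
    return ip + tcp + payload

# A u32 match as (width in bytes, value, mask, offset from start of IP header).
TCP, UDP = (1, 0x06, 0xff, 9), (1, 0x11, 0xff, 9)
def sport(p): return (2, p, 0xffff, 20)   # "match ip sport" assumes IHL=5
def dport(p): return (2, p, 0xffff, 22)   # "match ip dport" assumes IHL=5

# (prio, matches, classid), transcribed from the filters quoted in the message.
FILTERS = [
    (1, [TCP, sport(22)], "1:11"),
    (1, [TCP, dport(22)], "1:11"),
    (1, [UDP, sport(123)], "1:11"),
    (1, [TCP, (1, 0x05, 0x0f, 0), (1, 0x10, 0xff, 33), (2, 0x0000, 0xffc0, 2)], "1:11"),
    (2, [TCP, dport(80)], "1:12"),
    (3, [TCP, sport(443)], "1:13"),
    (4, [TCP, dport(21)], "1:14"),
]
DEFAULT_CLASS = "1:15"

def classify(pkt):
    """Return the classid of the first matching filter, lowest prio first."""
    for _prio, matches, classid in sorted(FILTERS, key=lambda f: f[0]):
        if all(int.from_bytes(pkt[off:off + w], "big") & mask == val
               for w, val, mask, off in matches):
            return classid
    return DEFAULT_CLASS

def ftp_upload_session():
    """Classes hit by client-to-server packets of one FTP upload (constructed)."""
    data = b"x" * 1400
    return {
        "control command to port 21": classify(tcp_packet(40000, 21, payload=b"STOR f\r\n")),
        "bare ACK on control channel": classify(tcp_packet(40000, 21, flags=0x10)),
        "passive data to server high port": classify(tcp_packet(40001, 50000, payload=data)),
        "active data to server port 20": classify(tcp_packet(40001, 20, payload=data)),
    }

if __name__ == "__main__":
    for kind, classid in ftp_upload_session().items():
        print(f"{classid}  {kind}")
```

Only the control command lands in 1:14; both kinds of data packets fall through to the default 1:15, and bare ACKs on the control channel are taken by the prio 1 ACK filter before the port 21 filter is reached.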