[LARTC] Re: shaping outbound ftp traffic on 1 nic not working properly

Thu, 07 Oct 2004 22:59:15 -0700 

On Fri, 2004-10-08 at 06:15, [EMAIL PROTECTED] wrote:
> >Theory is.. You can only shape outbound traffic.
> Inbound is via tcp windowshaping etc..
In Linux or LARTC IIRC, it's called ingress filtering. There's also
GRED/RED etc.. but based on what I've read, it's all about dropping
packets.

TCP windowshaping, although it's built into TCP architecthure, and There
is a /proc entry for it, I still don't see it's affects. (or rather, I
don't know how to measure it)

> 
> In theory yes, but it is shaping inbound transfers to my server.
YOu're not doing any other sort of Ingress filters are you??


> >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
> >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 
> >> 20
> >> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
> 
> >Why do you care about destination port? 
> >AFAIK, it shouldn't affect your wants since you're >not filtering on
> >incoming traffic
> 
> I dont care about destination port.  That line was commented.  BUT, incoming 
> transfers are being shaped for some reason.
Could this be shaping on the ISP side?? What happens when the tc rules
are shut off??

> Is there something I can change to make it not limit uploads to my server?
> #!/bin/bash
> #shaping passive ftp traffic
> 
> # mark the outbound passive ftp packets on ports 50000-51000
> iptables -t mangle -D POSTROUTING -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
> 
> iptables -t mangle -N MYSHAPER-OUT
> iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT
> 
> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
[SNIP]

Can you determine what ports are being used for inbound data transfers?
What makes you select those ports you defined as the outbound??

-- 
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive 
Neuromancer 13:56:23 up 4:48, 7 users, load average: 0.32, 0.59, 0.50 
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Reply via email to