[LARTC] Re: Mark on FTP passive traffic

To:	lartc@mailman.ds9a.nl
Subject:	[LARTC] Re: Mark on FTP passive traffic
From:	Frédéric Massot <frederic@juliana-multimedia.com>
Date:	Thu, 22 Mar 2007 10:58:46 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
In-reply-to:	<20070310020019.67ef107e@localhost>
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Organization:	JULIANA Multimédia
References:	<esru10$6q9$1@sea.gmane.org> <20070310020019.67ef107e@localhost>
Sender:	lartc-bounces@mailman.ds9a.nl
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Iceape/1.0.7 (Debian-1.0.7-3)

Rodolfo Brasnarof wrote:

[...]

Here's what I'm using to mark ftp traffic for routing purposes, then
I use the prerouting chain:

# ftp
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 20 -j MARK --set-mark 
1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 20 -j MARK --set-mark 
1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 21 -j MARK --set-mark 
1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 21 -j MARK --set-mark 
1000
iptables -t mangle -A PREROUTING -m helper --helper ftp -j MARK --set-mark 1000

With the use of the ftp_conntrack helper you can match all you ftp
traffic, even passive ftp.

I hope this can help you.


Hi,

Thank you, it is really what was necessary for me.  :o)

Regards.
--
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] Mark on FTP passive traffic, Frédéric Massot Re: [LARTC] Mark on FTP passive traffic, Rodolfo Brasnarof [LARTC] Re: Mark on FTP passive traffic, Frédéric Massot <=

Previous by Date:	[LARTC] Re: TC not working well with bonded nics please help, Amin Azez
Next by Date:	[LARTC] Re: "dst cache overflow" messages and crash, Frédéric Massot
Previous by Thread:	Re: [LARTC] Mark on FTP passive traffic, Rodolfo Brasnarof
Next by Thread:	[LARTC] Where is the returning connection?, Alvaro Uría
Indexes:	[Date] [Thread] [Top] [All Lists]