[LARTC] Re: shaping outbound ftp traffic on 1 nic not working properly
Ow Mun Heng
Ow.Mun.Heng@wdc.com
Fri, 08 Oct 2004 14:00:26 +0800
On Fri, 2004-10-08 at 06:15, nix4me@cfl.rr.com wrote:
> >Theory is.. You can only shape outbound traffic.
> Inbound is via tcp windowshaping etc..
In Linux or LARTC IIRC, it's called ingress filtering. There's also
GRED/RED etc.. but based on what I've read, it's all about dropping
packets.
TCP windowshaping, although it's built into TCP architecture, and there
is a /proc entry for it, I still don't see its effects. (or rather, I
don't know how to measure it)
>
> In theory yes, but it is shaping inbound transfers to my server.
You're not doing any other sort of Ingress filters are you??
> >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
> >> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
> >> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
>
> >Why do you care about destination port?
> >AFAIK, it shouldn't affect your wants since you're not filtering on
> >incoming traffic
>
> I don't care about destination port. That line was commented. BUT, incoming transfers are being shaped for some reason.
Could this be shaping on the ISP side?? What happens when the tc rules
are shut off??
> Is there something I can change to make it not limit uploads to my server?
> #!/bin/bash
> #shaping passive ftp traffic
>
> # mark the outbound passive ftp packets on ports 50000-51000
> iptables -t mangle -D POSTROUTING -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
>
> iptables -t mangle -N MYSHAPER-OUT
> iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT
>
> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
[SNIP]
Can you determine what ports are being used for inbound data transfers?
What makes you select those ports you defined as the outbound??
--
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive
Neuromancer 13:56:23 up 4:48, 7 users, load average: 0.32, 0.59, 0.50