[LARTC] Re: Mark on FTP passive traffic
Frédéric Massot
frederic at juliana-multimedia.com
Thu Mar 22 10:58:46 CET 2007
Rodolfo Brasnarof wrote:
>
[...]
> Here's what I'm using to mark ftp traffic for routing purposes, then
> I use the prerouting chain:
>
> # ftp
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 20 -j MARK --set-mark 1000
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 20 -j MARK --set-mark 1000
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 21 -j MARK --set-mark 1000
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 21 -j MARK --set-mark 1000
> iptables -t mangle -A PREROUTING -m helper --helper ftp -j MARK --set-mark 1000
>
> With the use of the ftp_conntrack helper you can match all you ftp
> traffic, even passive ftp.
>
> I hope this can help you.
Hi,
Thank you, it is really what was necessary for me. :o)
Regards.
--
==============================================
| FRÉDÉRIC MASSOT |
| http://www.juliana-multimedia.com |
| mailto:frederic at juliana-multimedia.com |
===========================Debian=GNU/Linux===
More information about the LARTC
mailing list