Re: [bwm-tools-tech] Question about rules....!
From: Kobe L. <Ko...@pu...> - 2005-04-14 10:58:13
Hello,

You are mis-filtering FTP traffic: port 21 is the control channel, and port 20 is the default data channel. But if you're using passive mode you should also filter the traffic originating from the passive port range you specified in your ftpd, or look up the default port range your ftpd uses.

BTW, always use bwm_monitor and iptables -L -n -v to check if your rules mark traffic as you expect.

Greetz
Kobe

Rizwan Sarwar wrote:
> Hi,
> I have recently been trying out this tool for bandwidth
> management. I cannot seem to figure out how to get the rules right. I
> have an FTP server which is connected to the internet with a 1Mbps line. I
> want to limit all outgoing FTP traffic to 512Kbps because the rest of the
> traffic is needed for some HTTP traffic and normal user requests etc.
> I tried the following rules in firewall.xml and loaded "bwmd -c firewall.xml".
>
> <firewall>
>   <global>
>     <modules>
>       <load name="ip_queue"/>
>     </modules>
>     <class name="ftp_traffic_out">
>       <address name="aftp_traffic_out" src="192.168.0.200" src-port="21"/>
>     </class>
>   </global>
>   # Traffic flows
>   <traffic>
>     <flow name="mainline" stats-len="10" queue-size="1000" queue-len="100" max-rate="60000" burst-rate="70000" report-timeout="60">
>       <flow name="my_ftp_out" max-rate="55000">
>         <queue prio="50" nfmark="1001">
>           ftp_traffic_out;
>         </queue>
>       </flow>
>     </flow>
>   </traffic>
> </firewall>
>
> OK, what I understand from the above rules is that they should limit
> "ftp_traffic_out" type traffic to 55000 bytes ~= 55Kbytes/sec. But it
> does not work; instead FTP keeps using the full bandwidth and no
> limitation happens. I should mention that I am using bwm tools only
> for traffic management; my system has its own firewall, i.e.
> SuSEFirewall2, which comes with SuSE. Please help me, am I doing it not
> right or is it not the tool for my problem?
>
> Thank you.
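
The counter check recommended in the reply, as an added example that is not part of the original thread: it parses `iptables -L -n -v` output and reports how much of a chain's traffic a MARK rule actually caught. The sample listing, chain name and counters are constructed; it assumes the MARK rule is non-terminating, so marked packets are also counted in the chain policy total.

```python
import re

# Constructed sample of `iptables -L -n -v` output (not taken from the thread).
# Chain name and counters are assumptions for illustration; 0x3e9 is
# nfmark 1001 from the posted firewall.xml, spt:21 its src-port="21".
SAMPLE = """\
Chain OUTPUT (policy ACCEPT 152K packets, 210M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1840  131K MARK       tcp  --  *      *       192.168.0.200        0.0.0.0/0           tcp spt:21 MARK set 0x3e9
"""

UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_int(counter):
    """Expand iptables' abbreviated counters (decimal multiples), e.g. 131K."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", counter)
    if not m:
        raise ValueError(f"unrecognised counter: {counter!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def mark_report(listing):
    """Return (policy_bytes, rules): bytes that fell through to the chain
    policy, and one dict per MARK rule with its match and byte counter."""
    policy_bytes, rules = 0, []
    for line in listing.splitlines():
        head = re.match(r"Chain \S+ \(policy \S+ \S+ packets, (\S+) bytes\)", line)
        if head:
            policy_bytes += to_int(head.group(1))
            continue
        f = line.split()
        # Rule rows start with two counters and have MARK as the target.
        if len(f) >= 9 and f[2] == "MARK" and re.fullmatch(r"\d+[KMGT]?", f[0]):
            mark = re.search(r"MARK x?set (0x[0-9a-fA-F]+)", line)
            ports = re.search(r"\bspts?:(\S+)", line)
            rules.append({
                "nfmark": int(mark.group(1), 16) if mark else None,
                "src_port": ports.group(1) if ports else None,
                "bytes": to_int(f[1]),
            })
    return policy_bytes, rules

def marked_share(listing, nfmark):
    """Fraction of the chain's bytes that carry the given nfmark."""
    total, rules = mark_report(listing)
    marked = sum(r["bytes"] for r in rules if r["nfmark"] == nfmark)
    return marked / total if total else 0.0

if __name__ == "__main__":
    print(mark_report(SAMPLE), f"share={marked_share(SAMPLE, 1001):.4%}")
```

A share this small next to a saturated link is the signature of marking only the control channel: the bulk data on port 20 or the passive range never receives the nfmark.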