Re: Mark on FTP passive traffic

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Rodolfo Brasnarof wrote:

[...]
Here's what I'm using to mark ftp traffic for routing purposes, then
I use the prerouting chain:

# ftp
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 20 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 20 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 21 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 21 -j MARK --set-mark 1000
iptables -t mangle -A PREROUTING -m helper --helper ftp -j MARK --set-mark 1000

With the use of the ftp_conntrack helper you can match all you ftp
traffic, even passive ftp.

I hope this can help you.

Hi,

Thank you, it is really what was necessary for me.  :o)

Regards.
--
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@xxxxxxxxxxxxxxxxxxxxxx   |
===========================Debian=GNU/Linux===

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux