Re: traffic not getting into class
> ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 4 protocol ip u32 \
> match ip protocol 0x6 0xff \
> match ip dport 21 0xffff \
> classid 1:14 # ftp-server
>
> This works fine, but traffic for 1:14 (ftp) never gets into 1:14.
>
> Is there a certain rule order in which filters must be written? As far
> as I can see I haven't made any mistakes in these filters...
>
> Anyone a hint?
>
Port 21 is used only by the control connection of FTP. Active mode FTP
uses port 20 to do the actual downloading and passive mode uses random
ports. I think you need to mark packets in iptables using the
ip_conntrack_ftp helper to identify FTP packets.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
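
The marking approach suggested in the reply, written out as an added example (not part of the original message or of any poster's configuration): the conntrack FTP helper tags data connections, iptables sets a firewall mark on them, and a tc `fw` filter maps that mark to class 1:14. Assumptions: the device name `eth0` and mark value `0x14` are made up for illustration, and the filter sits on an egress qdisc, where marks set in the mangle table are visible; a qdisc on an IFB fed from ingress sees packets before netfilter has run.

```shell
#!/bin/sh
# Added example: put FTP control and data traffic into one tc class via fwmark.
# DEV and MARK are assumed values; class 1:14 is the one from the quoted filter.
DEV="${DEV:-eth0}"
MARK="${MARK:-0x14}"
CLASSID="${CLASSID:-1:14}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = apply them (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

ftp_shaping_rules() {
    # FTP connection-tracking helper (module was called ip_conntrack_ftp on
    # older kernels, which is the name used in the reply).
    run modprobe nf_conntrack_ftp

    # Recent kernels do not attach helpers automatically, so bind the helper
    # to the control connection explicitly.
    run iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

    # Control connection: port 21 as source or destination.
    run iptables -t mangle -A POSTROUTING -p tcp -m multiport --ports 21 \
        -j MARK --set-mark "$MARK"

    # Data connections (port 20 in active mode, random ports in passive mode):
    # matched because the helper registered them as related to the control
    # connection, not by port number.
    run iptables -t mangle -A POSTROUTING -m helper --helper ftp \
        -j MARK --set-mark "$MARK"

    # Classify on the firewall mark instead of on a u32 port match.
    run tc filter add dev "$DEV" parent 1:0 prio 4 protocol ip \
        handle "$MARK" fw classid "$CLASSID"
}

ftp_shaping_rules
```

Run as is, the script only prints the five commands; set `DRY_RUN=0` to apply them.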