From owner-freebsd-questions Fri Oct 4 11:25:21 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B0D237B401 for ; Fri, 4 Oct 2002 11:25:20 -0700 (PDT) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5BA1B43E6A for ; Fri, 4 Oct 2002 11:25:19 -0700 (PDT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.12.3/8.12.3) with ESMTP id g94IMuSL091192; Fri, 4 Oct 2002 15:22:57 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Fri, 4 Oct 2002 15:22:56 -0300 (ART) From: Fernando Gleiser To: greg Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Dummynet & ports In-Reply-To: <3D9DCF05.1000406@slough-feg.com> Message-ID: <20021004151252.B90352-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, hits=-2.3 required=5.0 tests=IN_REP_TO,DOUBLE_CAPSWORD version=2.31 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 4 Oct 2002, greg wrote: > I have dummynet working fine for controlling bandwidth. > > My question is can i control bandwidth on certain ports ie, ftp? Yes you can. with http you say 'ipfw add pipe 1 tcp from any 80 to ' and the configure the pipe. With FTP it is a bit more complicated, because of the way FTP work. You need to add a rule for active mode FTP and another for passive mode. with active mode it's easy, just replace 80 with 20 in the example and you are done. With passive it is not that easy because the server uses an ephemeral port, and the range for that ephemeral port depends on things like operating system, ftp server and the like. Ftp is bad, mmmmkay? ftp is brain damaged, mmmkay? :) Learnin how to set up FTP (both incoming and outgoing) through a firewall, without opening it too much is one of the passage rites for the serious firewall sysadmin. Fer > > Instead of slowing the entire box down? > > -g > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message