From owner-freebsd-net Mon Jan 1 12: 8:41 2001
From owner-freebsd-net@FreeBSD.ORG Mon Jan 1 12:08:39 2001
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from totem.fix.no (totem.fix.no [213.142.66.130])
	by hub.freebsd.org (Postfix) with ESMTP id 4868137B400
	for ; Mon, 1 Jan 2001 12:08:39 -0800 (PST)
Received: by totem.fix.no (Postfix, from userid 1000)
	id 3BD763C97; Mon, 1 Jan 2001 21:08:26 +0100 (CET)
Date: Mon, 1 Jan 2001 21:08:26 +0100
From: Anders Nordby
To: freebsd-net@freebsd.org
Subject: ipfw uid rules and matching specific services for bandwidth limiting
Message-ID: <20010101210826.A69852@totem.fix.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Operating-System: FreeBSD 4.1.1-STABLE
X-PGP-Key: http://anders.fix.no/pgp/
X-PGP-Key-FingerPrint: 1E0F C53C D8DF 6A8F EAAD 19C5 D12A BC9F 0083 5956
Sender: anders@totem.fix.no
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

Are people actually using uid type rules heavily? I'm having trouble
matching the packets generated by programs like Apache and ProFTPD. I
believe that may be because of root binding the ports these programs use
before they setuid() or something, I'm not sure.

Particularly I have trouble matching the packets of active FTP, since I
have random ports on both ends to deal with and can't match them by port
either. Does anyone have a solution to this?

Yep, this is for use with Dummynet, which works OK as long as I get to
match the packets I need. :-)

ProFTPD's mod_xfer module doesn't seem to be able to globally set a max.
transfer rate for all transfers in total either, it seems. I suppose I can
proxy the traffic and then match the packets somehow perhaps..

Cheers,

--
Anders.