Hi, I set my linux box with squid and cbq, my iptables redirect all the http request to squid. I'm using cbq to limit ftp, kazaa etc. now the problem is ; I found some website which have a ftp link to download files using ramdom port number, my iptables cannot redirect the port so it eatup my bandwith, I tried to use cbq to limit other ports but keep dissapoint with the result as the website will always using different port and cbq won't be able handle it.

can anyone help me with this, for sure what I need is to limit port except http port (80) and also to keep everyone using irc smoothly...

please help.. thanks..

i hope the following link can help u
http://www.szabilinux.hu/bandwidth/

try to mark ftp packets with iptables.

if it works let me know please. cos i didnt try that before.

thanks.. I've seen the website before I'm posting my question, and still trying to make it works, I'm still newbie so it's gonna takes time for me to try..

but if anyone know how to do it in easier way like using cbq please let me know.. thanks again

i didnt use cbq be4. but nowadays im searching about user based bandwidth limiting. but there is something about ftp and cbq at http://www.tldp.org/HOWTO/Bandwidth-...HOWTO/cbq.html

-

thanks for your suggestion.. hmmm let me explain my question more clearly ; I've installed squid with delay pools so it will limit all downloading files with .exe .zip etc extension, since squid can not limit ftp port then I set cbq to limit port 21 and 22 (I set kazaa's etc. port with cbq as well). Now my problem is theres some website (ie. mysql.com) which provide link to download via ftp, I found it download from port 1339 (which in this case I'm not set the cbq to limit the port) then I stop the the progress and set the cbq to limit any traffic through 1339 port, when it setted I reopen the website and click the same link to download the files, voila.. now it downloading through 2883 port.. and again the cbq can not handle it..

I don't want to limit all ports especially 80... I just want everyone can surf the net quickly without eatup my bandwith by downloading files..

thanks again..

sorry i cant help u more.

i just have an idea to do that.

go to http://www.szabilinux.hu/bandwidth/ and change the iptables commands like this:

$IPTABLES -t mangle -A FORWARD -s 192.168.0.128/29 -p tcp --dport "port_number" -j MARK --set-mark 3
$IPTABLES -t mangle -A FORWARD -s 192.168.0.6 -p tcp --dport "port_number" -j MARK --set-mark 3

# Download marking
$IPTABLES -t mangle -A POSTROUTING -s ! 192.168.0.0/24 -d 192.168.0.128/29 -p tcp --sport "port_number" -j MARK --set-mark 4
$IPTABLES -t mangle -A POSTROUTING -s ! 192.168.0.0/24 -d 192.168.0.6 -p tcp --sport "port_number" -j MARK --set-mark 4

lan: 192.168.0.0./24

change "port_number" to port u wanna limit, and try. i hope it will work

well, I believe it will works for general limiting purpose.. unfortunately, as I told you that I wont be able to figure out what port number will be used.. everytime I open the link.. it use different port number.. (unless I'm lucky)

ok.. thanks for your help..

Check out Trickle. You can set it up to run as a daemon to control up/download rates for specific programs (ftp, sftp, ncftp, etc.)

Enjoy!
--- Cerbere

oh thanks
hmm.. I just installed the trickle, but to be honest I don't understand how does it work

I'll keep trying to make it works anyway, thanks a lot