I am just making a guess as to why this is not working... Monowall may work some
FTP magic behind the scenes that I'm not aware of...
Only the FTP control information is passed through port 21.
All the data transfer happens on port 20 if you use active FTP, so you can try
limiting port 20..
If you use passive FTP (most FTP clients do nowadays), then as far as I know,
you cannot predict what port the data connection will use, and it becomes much
more difficult to control...
From: Thomas Paumier [mailto:thomas dot paumier at tiscali dot fr]
Sent: Saturday, December 20, 2003 3:16 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Trafic shaper seems doesn't work as expected
First, I have read ALL 1400+ emails before posting this one.
I am a student in computer network administration (2nd level) in France.
I have installed a m0n0-box in a friend's cybercoffee shop. It's a small PC (p2
300, 64sd, 2Go hd) but it perfectly fits the requirements for the usage we have.
I want to say that I love your software! I am pretty experienced with Linux --
I know that FreeBSD is NOT Linux, don't bash me! :p -- from the start and I
like the "a box for all" policy.
I connect to the internet through an RP114 which is on the WAN side, customers can play as
always, but (yes, there's always a "but" :-( ), it seems I don't understand how
I have read a reply from M. Manuel Kasper (April, 2) then I have set this rule
for testing:
If=Lan, Proto=FTP, Source=any, Port=FTP(21), Destination = LAN Subnet,
Port=FTP(21), Bandwidth=64, Delay=Nul, Mask=destination.
But after this a user can still download a file at 90ko/s without any problem
(through the FTP protocol) from the internet. I'm totally stuck, I don't understand how
to define rules for traffic shaping and it's the first goal of my m0n0-box.
Could you please give me some help?
PS: I have read a post from Federico Krum (November, 25) who talked about a
manual. If you need help to make a French translation, I can help you.
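
The control/data split described in the reply at the top of this thread, as an added example (not part of the original messages and not m0n0wall code): a small parser for the control-channel lines in which FTP negotiates the data port, which is what a firewall must track to match the data connection. All sample lines and addresses are constructed.

```python
import re

# RFC 959 PORT argument and 227 reply carry h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
# RFC 2428 229 reply carries only the port: (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def _decode(m):
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, ignore the line
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_endpoint(line, server_ip):
    """Return (mode, listener_ip, listener_port) for one control-channel line, or None.

    active  : the client listens; the server connects to it from its port 20.
    passive : the server listens on a port it picks; the client connects to it.
    """
    line = line.strip()
    if line[:5].upper() == "PORT ":
        mode, m = "active", _HOSTPORT.search(line)
    elif line.startswith("227"):
        mode, m = "passive", _HOSTPORT.search(line)
    elif line.startswith("229"):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return ("passive", server_ip, int(m.group(1)))
        return None
    else:
        return None
    decoded = _decode(m) if m else None
    return (mode, *decoded) if decoded else None


# Constructed lines as they would appear on the port 21 control connection.
SESSION = [
    "USER anonymous",
    "PORT 192,168,1,50,4,1",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||51234|)",
]


def negotiated(session, server_ip):
    """Collect every data endpoint negotiated in a list of control-channel lines."""
    return [ep for ep in (data_endpoint(l, server_ip) for l in session) if ep]
```

None of the negotiated ports is 21, so a rule that matches only port 21 sees the commands and replies but not the file transfer itself.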