Mailing List Archive

Do destination-port of ftp



-----Original Message-----
From: juniper-nsp-bounces@puck.nether.net
[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
hhadiwinoto@hotpop.com
Sent: Friday, June 13, 2003 2:01 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] How to rate limit ftp traffic

Hi all,

i have simple question related with rate limit ftp traffic. i want to
limit
all the ftp traffic out of my networks..

i have configured rate-limit as below,

from {
protocol tcp;
source-port [ ftp-data ftp ];
}
then {
policer ftp-500k;
count policer-ftp;

but it didnt work since most the ftp servers use passive mode which use
port greater than 1024. any helps will be appreciated.


regards
hendro

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .



_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

On Fri, Jun 13, 2003 at 05:00:58PM -0400, hhadiwinoto@hotpop.com wrote:
| Hi all,
|
| i have simple question related with rate limit ftp traffic. i want to limit
| all the ftp traffic out of my networks..
|
| i have configured rate-limit as below,
|
| from {
| protocol tcp;
| source-port [ ftp-data ftp ];
| }
| then {
| policer ftp-500k;
| count policer-ftp;
|
| but it didnt work since most the ftp servers use passive mode which use
| port greater than 1024. any helps will be appreciated.

use port instead of source-port; port implies source-port OR destination-port

/hannes