Qos & FTP Pasv

binary · Sun Dec 19, 2004 5:01 pm

I am trying to implement Qos. I had specifed must services by their port numbers.

But I am having problem on ftp pasv connection, because of they dont use std tcp 20-21.

How can I solve this problem?

wildbill442 · Mon Dec 20, 2004 12:54 pm

I was wondering the same, because pasvFTP uses dynamic ports.

wjw · Tue Dec 21, 2004 10:26 am

There must be a way. You'd would need to capture the initial connection which goes:

Client Dynamic Port - Port 21 of FTP Server

Then you would need to apply your QOS rules on the data connection which runs on the 'Client's Dynamic Port' + 1 to a random port on the server.

It may be possible using the connection mark method, but I'm not sure how you could group the the two 'connections' together.

wjw · Tue Dec 21, 2004 10:35 am

Hmm Linux has two specific modules to do this:

ip_conntrack_ftp
ip_nat_ftp

Eugene · Tue Dec 21, 2004 6:32 pm

From v2.9 mangle manual:
connection-type (ftp | gre | h323 | irc | mms | pptp | quake3 | tftp) - match packets with given connection type

Don't know, though, whether it'll catch passive ftp.

Eugene