Help Shape Outbound FTP traffic
-
I am trying to shape my outgoing FTP traffic by putting it in a lower priority queue. My other Floating rules are working fine, but I am having issues with the FTP. I created a Layer7 FTP rule (attachment 1). By itself it doesn't seem to do anything. After some research it looks like I needed to apply it to a Pass floating rule. So I created a rule for Active FTP (Destination port 20) from Any. Under advanced features I set the AckQueue/Queue to the qAck and qOthersLow, and the Layer7 field to my FTP rule (attachment 2). It doesn't seem to catch anything.
If I remove the port number, it catches things it shouldn't (like traffic to remote computers over the IPSEC VPN.)
Anyone have any ideas on how I can identify and filter FTP traffic, both passive and active?
Edit: I am using HFSC, but I don't think that matters for this question.
![FTP L7.png](/public/imported_attachments/1/FTP L7.png)
-
What do you mean when you say outgoing FTP? Upload from your desktop to the Internet, or outbound from your LAN-based FTP server? Floating rules use the MATCH action, not PASS, from what I remember.
-
@KOM:
> What do you mean when you say outgoing FTP? Upload from your desktop to the Internet, or outbound from your LAN-based FTP server?

Upload from desktop to an FTP server on the internet.

> Floating rules use the MATCH action, not PASS, from what I remember.

I tried that, but it said when I did it that Layer7 needed to be a Pass rule, which is why it is set to Pass.
I'm still researching. I found that maybe pfSense has an FTP helper built in and this might be breaking the queue. Does anybody know?
-
You might have better luck elevating important traffic to a high-priority queue and relegating all other traffic, including FTP, to a low queue.
-
I think that is what I am going to do. I read this post and learned quite a bit more. The rest of that thread is good too.