4. Shaping FTP

Shaping FTP

  • Y

    All,

    I'm using 2.0 stable, and cannot get shaping for FTP to work. No matter what I try, all FTP downloads (to client on LAN) ends up in the default queue. Shouldn't it be as simple as adding a floating rule for port 21?

    match  on {  vr1  }  proto tcp  from any to any port 21  queue (qOthersLow,qACK)  label "USER_RULE: m_Other FTP"

    What am I missing?

    Thanks.

    0
  • P

    port 21 is the control port.
    port 20 is the port for active mode data transfer.
    and passive is anything over port 1024.
    If you are only shaping the control port, then you are not going to shape the data ports.

    0
  • Y

    Okay… Port 20 is easy enough to add. Passive mode will be more difficult. Can I use layer 7 to put passive FTP traffic into queues? I tried that a bit yesterday, but wound up killing all traffic to the interface.

    What I did is create a new group with a FTP layer 7 queue. I then applied that to default rule that allows all traffic on that interface. For some reason, this killed all traffic to that interface.

    Thanks again.

    0
  • P

    I have not used layer 7 shaping yet … what I did was use the P2P catch all and assigned it the lowest possible priority. This way any other traffic won't have a problem and FTP/torrents can have what is left.

    0

  • keep in mind that active ftp transfers are done with client source port 20 instead of server destination port

    client:20 -> server:any

    0
  • Y

    Good point. Thanks.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy