QoS & FTP PASV

I am trying to implement QoS. I had specified most services by their port numbers.

But I am having a problem with FTP PASV connections, because they don't use the standard TCP ports 20-21.

How can I solve this problem?

I was wondering the same, because passive FTP uses dynamic ports.

There must be a way. You would need to capture the initial connection, which goes:

Client Dynamic Port - Port 21 of FTP Server

Then you would need to apply your QoS rules to the data connection, which runs from the ‘Client’s Dynamic Port’ + 1 to a random port on the server.

It may be possible using the connection mark method, but I’m not sure how you could group the two ‘connections’ together.

Hmm, Linux has two specific modules to do this:

ip_conntrack_ftp
ip_nat_ftp

From the v2.9 mangle manual:
connection-type (ftp | gre | h323 | irc | mms | pptp | quake3 | tftp) - match packets with given connection type

Don’t know, though, whether it’ll catch passive FTP.

Eugene
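The two replies above raise the same question from two sides: how the firewall can tie a dynamically numbered data connection back to the port-21 control connection it belongs to, and what the `ip_conntrack_ftp` helper actually does to make `connection-type=ftp` work. The following is an added example written for this thread, not code from the thread, from RouterOS or from the Linux kernel module. It is a userspace model of the helper's logic: it reads the control channel, parses the `227` (PASV) and `229` (EPSV) replies from the server and, going beyond the passive case discussed here, the `PORT`/`EPRT` commands from the client, registers the announced data endpoint as an expectation, and hands the parent connection's mark to the data connection when it appears. The class, the flow tuples and every FTP line fed to it are constructed for the example.

```python
"""Userspace model of what Linux's ip_conntrack_ftp / nf_conntrack_ftp helper
does for QoS: watch the FTP control channel, parse the replies and commands
that announce a data connection (PASV/EPSV replies, PORT/EPRT commands),
register that connection as "expected", and let it inherit the mark of its
parent control connection once it shows up. Added example; not the kernel
module's code. All flows and control-channel lines below are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Wire formats from RFC 959 (PASV reply, PORT) and RFC 2428 (EPSV reply, EPRT).
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", re.IGNORECASE)
EPRT_RE = re.compile(r"^EPRT \|[12]\|([^|]+)\|(\d+)\|", re.IGNORECASE)

# An expectation is (initiator ip, responder ip, responder port): the
# initiator's source port is unknown until the connection is actually opened,
# which is exactly why a static port-based QoS rule cannot catch it.
Expectation = Tuple[str, str, int]


@dataclass(frozen=True)
class Flow:
    """One direction of a TCP flow as the firewall sees it."""
    src: str
    sport: int
    dst: str
    dport: int


class FtpHelper:
    def __init__(self, control_port: int = 21) -> None:
        self.control_port = control_port
        self.control_marks: Dict[Flow, str] = {}        # client->server tuple -> mark
        self.expectations: Dict[Expectation, str] = {}  # announced endpoint -> parent mark
        self.data_marks: Dict[Flow, str] = {}           # data flows already matched

    def _client_side(self, flow: Flow) -> Flow:
        """Normalise either direction of the control channel to client->server."""
        if flow.dport == self.control_port:
            return flow
        return Flow(flow.dst, flow.dport, flow.src, flow.sport)

    def mark_control(self, flow: Flow, mark: str) -> None:
        """What the mangle rule does for the initial client -> port 21 connection."""
        self.control_marks[self._client_side(flow)] = mark

    def observe_control(self, flow: Flow, line: str) -> Optional[Expectation]:
        """Feed one control-channel line travelling in direction `flow`.
        Returns the expectation it created, or None if nothing was announced."""
        mark = self.control_marks.get(self._client_side(flow))
        if mark is None:
            return None                       # unmarked control connection: nothing to inherit
        line = line.rstrip("\r\n")
        if flow.sport == self.control_port:   # server -> client replies
            if m := PASV_RE.match(line):
                host = ".".join(m.group(i) for i in range(1, 5))
                port = int(m.group(5)) * 256 + int(m.group(6))
            elif m := EPSV_RE.match(line):
                host, port = flow.src, int(m.group(1))   # EPSV carries the port only
            else:
                return None
            # Strict choice: if the advertised address is not the server we are
            # talking to (NAT, misconfigured server), do not expect a connection
            # towards a third host. The kernel helper has a `loose` parameter for
            # this decision; this model always takes the strict path.
            if host != flow.src:
                return None
            exp = (flow.dst, flow.src, port)  # client will connect to server:port
        else:                                 # client -> server commands (active mode)
            if m := PORT_RE.match(line):
                host = ".".join(m.group(i) for i in range(1, 5))
                port = int(m.group(5)) * 256 + int(m.group(6))
            elif m := EPRT_RE.match(line):
                host, port = m.group(1), int(m.group(2))
            else:
                return None
            if host != flow.src:              # same strictness for the client's address
                return None
            exp = (flow.dst, flow.src, port)  # server will connect back to client:port
        self.expectations[exp] = mark
        return exp

    def classify(self, flow: Flow) -> Optional[str]:
        """Mark lookup for a flow: a control connection, a data flow already matched,
        or a pending expectation (consumed on first use, as kernel expectations are)."""
        if flow in self.data_marks:
            return self.data_marks[flow]
        mark = self.control_marks.get(self._client_side(flow))
        if mark is not None:
            return mark
        mark = self.expectations.pop((flow.src, flow.dst, flow.dport), None)
        if mark is not None:
            self.data_marks[flow] = mark
        return mark
```

On a Linux box the same grouping is done by the kernel helper: load `nf_conntrack_ftp` (`ip_conntrack_ftp` on older kernels), and match the data connection with `-m conntrack --ctstate RELATED` or `-m helper --helper ftp` in the mangle table before marking it. On kernels from 3.5 on, automatic helper assignment is off by default, so a `-j CT --helper ftp` rule in the raw table is needed for the control connection. Two caveats follow directly from the model: the helper only sees the `227` reply if the control channel is in clear, so FTPS (`AUTH TLS`) data connections stay unclassified, and a control channel on a non-standard port must be pointed at the helper explicitly.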