I am stucked with this and not able to get my head around how this FTP traffic. I am trying to set up my queues so that the FTP will have lowest priority. But I can’t mark the traffic. How can this traffic:
bypass this rule. The traffic is not marked or skipped by any of the other mangle rules. It just passes all the rules withour being registered.
action=mark-connection chain=prerouting comment=
“Other PCs low priority Traffic” disabled=no new-connection-mark=
Other-Low-Conn passthrough=yes protocol=tcp src-address=192.168.0.0/24
src-port=1024-53000
add action=mark-packet chain=prerouting comment=“” connection-mark=
Other-Low-Conn disabled=no new-packet-mark=Other_Low passthrough=no
mark related connections too.
Thanks Ibersystems, I am not sure how to do this. I left the “connection state” open, so I thought it would then cover all connection states. Should I add a second rule special for “related connections”?
Thanks,
Bjarne
Hi,
why don’t you mark this with mangle:
add chain=prerouting action=mark-connection new-connection-mark=FTP_CON passthrough=yes dst-port=21 protocol=tcp \
comment="FTP Connection" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=FTP passthrough=no connection-mark=FTP_CON comment="FTP Packet" \
disabled=no
: ?
Thanks Ibersystems, I have been experimenting a bit with both rules.
chain=prerouting action=mark-connection new-connection-mark=Other-Low-Conn passthrough=yes protocol=tcp
src-address=192.168.0.0/24 src-port=21 connection-type=ftp
chain=prerouting action=mark-packet new-packet-mark=Other_Low passthrough=no connection-mark=Other-Low-Conn
is not able to capture the FTP traffic, maybe because of the passive mode.
The old rule
chain=prerouting action=mark-connection new-connection-mark=Other-Low-Conn passthrough=yes protocol=tcp
src-address=192.168.0.0/24 src-port=1024-53000
chain=prerouting action=mark-packet new-packet-mark=Other_Low passthrough=no connection-mark=Other-Low-Conn
capture the FTP traffic OK. But if I then pause and restart the download or loose the connection and reconnect then traffic bypasses the rule again. In some cases when downloading more files the rule suddenly stop registering the traffic after one file has completed and the next file start to download.
The meaning with the old rule is also that it should capture all traffic like per-to-per other downloads then port 80 and FTP and give all that traffic a lower priority in the que.
Does any of you have a good rule for this purpose.
rgs Pilgrim
Hi,
Below is how I’m marking Passive FTP traffic:
add action=add-dst-to-address-list address-list=FTP_Servers address-list-timeout=1h chain=prerouting comment=FTP_Server_Address_Finder disabled=no dst-port=20,21 protocol=tcp
add action=mark-packet chain=prerouting comment=FTP_Download disabled=no new-packet-mark=ftp_download passthrough=no protocol=tcp src-address-list=FTP_Servers src-port=20,21,1024-65535
add action=mark-packet chain=prerouting comment=FTP_Upload disabled=no dst-address-list=FTP_Servers dst-port=20,21,1024-65535 new-packet-mark=ftp_upload passthrough=no protocol=tcp
Maybe not perfect, but works 
Regards, Grzegorz.
Thanks, Guy’s
Got something to work with again.
rgs Pilgrim