  1. #1
    Newbie
    Join Date
    Oct 2019
    Posts
    8

    No source port for QoS?

    Hi, I am a newcomer from the Tomato router. I am surprised there is no source port option in Untangle QoS. Let me explain my situation. I have a Synology NAS behind the router. I run Surveillance Station (port 5001) and an FTP server (port 24 for SFTP) on it. I need to prioritize the camera's YouTube live stream and deprioritize FTP. YouTube is fine: I can set destination port 1935 TCP and the source IP of the NAS. But what about FTP? In the Tomato router I set source port 24 and the source IP of the NAS, and all FTP connections got the right priority. How can I do that with Untangle? Thank you. Lukas

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,129

    The incoming ftp port is destination port, not source.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,680

    Not if you're tagging egress traffic. But even then, the source port is n-1, not n... So yeah, I'm sitting squarely on the... how did that ever work?!? because that's just not correct wagon.

    Which incidentally, is precisely why Untangle hid the source port option.

    sFTP is run all over a single port, so you flag the session terminating on the service, and you're good. (destination port 24, in your case? It's 22 by default.)
    FTPs is like FTP run over a PASV port range, so you set a rule for stuff terminating on that range of ports on the server, again destination port. Check your server's configuration for a PASV port range, make it match.

    The ONLY time source port is needed is to deprioritise ACTIVE FTP or FTPs, which almost never happens because ACTIVE FTP doesn't traverse NAT, and as such these days it's basically never used.

    And that concludes the summary of the relevant portions of the literal books I've written on these forums on the FTP protocol.
    Last edited by sky-knight; 10-30-2019 at 08:06 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Oct 2019
    Posts
    8

    Quote: Originally Posted by jcoffin
    > The incoming ftp port is destination port, not source.

    Oh, OK. So it is different from Tomato. Thank you very much for the answer.

  5. #5
    Newbie
    Join Date
    Oct 2019
    Posts
    8

    Quote: Originally Posted by sky-knight
    > Not if you're tagging egress traffic. But even then, the source port is n-1, not n... So yeah, I'm sitting squarely on the... how did that ever work?!? because that's just not correct wagon.
    >
    > Which incidentally, is precisely why Untangle hid the source port option.
    >
    > sFTP is run all over a single port, so you flag the session terminating on the service, and you're good. (destination port 24, in your case? It's 22 by default.)
    > FTPs is like FTP run over a PASV port range, so you set a rule for stuff terminating on that range of ports on the server, again destination port. Check your server's configuration for a PASV port range, make it match.
    >
    > The ONLY time source port is needed is to deprioritise ACTIVE FTP or FTPs, which almost never happens because ACTIVE FTP doesn't traverse NAT, and as such these days it's basically never used.
    >
    > And that concludes the summary of the relevant portions of the literal books I've written on these forums on the FTP protocol.

    Yep, I changed the port to 24, because 22 is the default SSH port and I had plenty of log alarms for unsuccessful logins. Tomato is focused mainly on upload traffic. And it was working correctly for years with source port set to 24.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,680

    Quote: Originally Posted by kisch
    > Yep, I changed the port to 24, because 22 is the default SSH port and I had plenty of log alarms for unsuccessful logins. Tomato is focused mainly on upload traffic. And it was working correctly for years with source port set to 24.

    And I can't explain why, because again that's simply incorrect. There is no traffic sourced from 24 going anywhere. The FTPs clients connect from a random high number port > 1024 to the service port, TCP 24 in this case. The rule you had, even on Tomato, shouldn't have worked. And more than likely simply wasn't, but because of Tomato's terrible visibility, you never noticed.

    FTP is a terrible protocol... so I wouldn't worry about it too much.

  7. #7
    Newbie
    Join Date
    Oct 2019
    Posts
    8

    Tomato (at least some clones) has a QoS pie chart, and sFTP traffic was correctly assigned to its priority class. And I never had a problem with VoIP or other services during full FTP traffic (it had low priority, but could reach 100% of the upload limit when possible).

    Anyway, thank you, and I hope Untangle QoS works in bridge mode.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,680

    And I cannot explain why, because once again... that configuration is incorrect. This isn't a Tomato vs Untangle thing... this is a this is how TCP/IP works thing!

    Source port is almost never a working configuration!
    Last edited by sky-knight; 10-30-2019 at 08:45 AM.

  9. #9
    Newbie
    Join Date
    Oct 2019
    Posts
    8

    I believe you. And thank you for the clarification. And I am happy I can set a different priority this way.
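
Added example (not part of any post in this thread, and not Untangle's or Tomato's code): a small Python model of the SFTP session discussed above, showing which packets a session-based destination-port rule and a per-packet source-port match each select. The IP addresses, the client port and all function names are constructed for illustration, and the first packet seen for a flow is assumed to come from the initiator.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

NAS = "192.168.1.10"      # constructed LAN address of the NAS
CLIENT = "203.0.113.7"    # constructed remote SFTP client
YOUTUBE = "198.51.100.5"  # constructed ingest server address
SFTP_PORT = 24            # service port used in the thread

# Constructed capture: one inbound SFTP session plus one outbound stream.
SAMPLE = [
    Packet(CLIENT, 51514, NAS, SFTP_PORT),   # client opens the session
    Packet(NAS, SFTP_PORT, CLIENT, 51514),   # server reply
    Packet(CLIENT, 51514, NAS, SFTP_PORT),   # client request
    Packet(NAS, SFTP_PORT, CLIENT, 51514),   # file data leaving the NAS
    Packet(NAS, 40000, YOUTUBE, 1935),       # camera stream, other session
]

def session_key(p):
    """Direction-independent key: both halves of a flow map to one session."""
    return tuple(sorted([(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)]))

def classify_by_session(packets, server_ip, dst_port, prio="low"):
    """Session rule: decide once, on the packet that opens the session,
    by where the session terminates; every later packet inherits it."""
    sessions, out = {}, []
    for p in packets:
        key = session_key(p)
        if key not in sessions:
            hit = p.dst_ip == server_ip and p.dst_port == dst_port
            sessions[key] = prio if hit else "default"
        out.append(sessions[key])
    return out

def classify_per_packet_src(packets, server_ip, src_port, prio="low"):
    """Stateless match on each packet's own source address and port."""
    return [prio if (p.src_ip == server_ip and p.src_port == src_port)
            else "default" for p in packets]

if __name__ == "__main__":
    print(classify_by_session(SAMPLE, NAS, SFTP_PORT))
    print(classify_per_packet_src(SAMPLE, NAS, SFTP_PORT))
```

The session rule tags all four packets of the SFTP flow from a single destination-port match, while the stateless source-port match selects only the packets travelling from the NAS back to the client.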
