Re: slow ftp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hello Dufresne,

Problem solved after I added ...
     UseReverseDNS                   off
     IdentLookups                    off

to proftpd.conf as Michael Gale suggested

Thanks and regards

Askar 
On Thu, 17 Feb 2005 12:51:56 -0500 (EST), R. DuFresne
<dufresne@xxxxxxxxxxx> wrote:
> 
> What kind of latencies are you observing?  any time one puts a firewall
> into the miix, or encryption there is agont to be an increase in latency.
> Add state tracking and increase the latency level, add large rules sets,
> and increase the latency level, ftp via ssh'ed connections, add latency,
> hope from one system to another hitting firewall boundries and adding
> ssh'ed connections up the latency level.  Try and connect to a server that
> is running with a sysload on the high end, add latency as the remote
> server needs to deal with interupts.
> 
> The question though is, are the latencies you are observing out of norm?
> <see question 1 above>
> 
> Thanks,
> 
> Ron DuFresne
> 
> On Thu, 17 Feb 2005, Askar wrote:
> 
> > hi list
> >
> > we are running ftp "proftpd" server it takes times when a user
> > connects to ftp server however when I flush the iptables rules
> > connection doesn't takes time, iptables firewall on the same machine,
> > default policies are DROP,
> > firewall script is very straight forward
> >
> > rules
> > .
> > .
> > # Using Connection State to By-pass Rule Checking
> > iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > .
> > .
> > .iptables -A INPUT -p tcp --dport 20:21 -m state --state NEW -j ACCEPT
> > .
> > .
> >
> > # Load the FTP connection state helper module.
> > modprobe ip_conntrack_ftp
> > # Load the FTP NAT module.
> > modprobe ip_nat_ftp
> >
> > any idea?
> >
> > regards
> >
> >
> 
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> 
> ...Love is the ultimate outlaw.  It just won't adhere to rules.
> The most any of us can do is sign on as it's accomplice.  Instead
> of vowing to honor and obey, maybe we should swear to aid and abet.
> That would mean that security is out of the question.  The words
> "make" and "stay" become inappropriate.  My love for you has no
> strings attached.  I love you for free...
>                         -Tom Robins <Still Life With Woodpecker>
> 
> 


-- 
I love deadlines. I like the whooshing sound they make as they fly by.
Douglas Adams
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux