Re: IPchains and FTP performance

From: Andrew Cudzilo (linuxps@rochester.rr.com)
Date: 12/12/01


WindersBoy wrote:

> Hello all.
> I've seen many posts regarding this on the Internet, but so far have
> found no answers. I hope someone here can help.
>
> I have a linux firewall box running the 2.2.12-20 kernel (redhat). It
> runs ipchains. Everything seems to be going well with one exception.
>
> When someone runs FTP through the firewall, it is very slow, and the
> server itself becomes almost unresponsive to logins during the data
> transfer operation. The firewall does masquerading.
>
> Thoughts?
> Sean
>

Thoughts that come to mind:

1) kernel module to allow private IPs to ftp from behind a firewall
loaded? ip_masq_ftp.o
2) Passive versus active file transfers - probably want to turn passive
off and try to download
3) FTP server (you are connecting to) trying to do reverse DNS lookups on
your firewall's public IP address or itself. (This one is usually
detectable if there is an extreme delay in connecting to the server, 1-2
mins, but once a connection is established data transfers seem to flow
at normal pace.)

<end thoughts> Hope it was of some service:)

-- 
Andrew Cudzilo                          <linuxps@rochesterr.rr.com>
Professional Bum
Clever saying: "killall -9`em and let root@localhost sort`em out"
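
Added example, not part of the original post and not the kernel module's code: a simplified Python model of what an FTP masquerading helper such as ip_masq_ftp (point 1 above) does for active-mode transfers, rewriting the private address in the client's PORT command and recording where the server's data connection must be forwarded. The class name, addresses and starting port are constructed for illustration.

```python
import re

# Argument format of the FTP PORT command: h1,h2,h3,h4,p1,p2 (RFC 959).
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$",
    re.IGNORECASE,
)


def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if not a valid PORT line."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)


class FtpMasqHelper:
    """Hypothetical, simplified model of a NAT helper for active-mode FTP."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed starting port for the example
        self.expected = {}            # public port -> (private ip, private port)

    def outbound(self, line):
        """Rewrite a client's PORT command; pass every other line through unchanged."""
        target = parse_port(line)
        if target is None:
            return line
        public_port = self.next_port
        self.next_port += 1
        # Remember where the server's incoming data connection must be forwarded.
        self.expected[public_port] = target
        return build_port(self.public_ip, public_port)


if __name__ == "__main__":
    helper = FtpMasqHelper("203.0.113.10")   # constructed public address
    sent = "PORT 192,168,1,20,4,210\r\n"     # constructed client command
    print(repr(sent), "->", repr(helper.outbound(sent)))
    print(helper.expected)
```

Without this rewrite the server is told to connect to a private address it cannot reach, so the data connection never opens even though the control connection works.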


