Re: IPchains and FTP performance

From: WindersBoy (skelley@nospam.com)
Date: 12/12/01


From: skelley@nospam.com (WindersBoy)
Date: Wed, 12 Dec 2001 22:02:28 GMT

On Wed, 12 Dec 2001 20:36:44 GMT, Andrew Cudzilo
<linuxps@rochester.rr.com> wrote:

>WindersBoy wrote:
>
>> Hello all.
>> I've seen many posts regarding this on the Internet, but so far have
>> found no answers. I hope someone here can help.
>>
>> I have a linux firewall box running the 2.2.12-20 kernel (redhat). It
>> runs ipchains. Everything seems to be going well with one exception.
>>
>> When someone runs FTP through the firewall, it is very slow, and the
>> server itself becomes almost unresponsive to logins during the data
>> transfer operation. The firewall does masquerading.
>>
>> Thoughts?
>> Sean
>>
>
>Thoughts that come to mind:
>
>
>1) kernel module to allow private IPs to ftp from behind a firewall
>loaded? ip_masq_ftp.o
>2) Passive versus active file transfers - probably want to turn passive
>off and try to download
>3) FTP server (you are connecting to) trying to do reverse DNS lookups on
>your firewall's public IP address or itself. (This one is usually
>detectable if there is an extreme delay in connecting to the server 1-2
>mins, but once a connection is established data transfers seem to flow
>at normal pace)
>
><end thoughts> Hope it was of some service:)
>
>
>
>--
>Andrew Cudzilo <linuxps@rochesterr.rr.com>
>Professional Bum
>Clever saying: "killall -9`em and let root@localhost sort`em out"
>
I only allow passive FTP (forgot to mention that), so the module isn't
needed, I believe.
I am FTP'ing to the DMZ so name look-ups aren't a real problem.


