FTP xfer speeds between comps only 2000kb/s



Hey all, I have 3 computers and an Xbox hooked together through a Linksys router. I'm not running a DHCP server on my router because I opted to manually specify ips and dns addresses. Problem is I'm only yielding 2000kb/s...

Two of my boxes have gigabit lans, and both the Xbox and the third computer have 10/100 lans. I don't know what could be the limiting factor... any ideas? I'm assuming by the illuminated lights on my router that all lans are connected in full duplex mode.

Cheers,

joe

How about some details dude... What does iperf show you? Is it only from gig to 100.. WTF is a 10/100 lan? And what linksys router do you have that supports gig? You have to be at 1 or the other dude - you can't have both..? Are these speeds between gig and gig - or 100 to gig? Or maybe 10 to gig? Do other methods of copy get you better throughput? Samba, NFS, etc?

Are you getting the slow speeds both up and down? Are you showing some crazy amount of errors in netstat -s?

Where exactly are you seeing these speeds?

Without knowing where you're ftping from, or to where.. Shoot maybe you have your ftp server set to limit bandwidth? Are you doing any QOS? I have seen quite a few people set their QOS to an upload of what their ISP connection is.. and then can not figure out why they can not upload to that server at their lan speeds..

Details, Details, Details!

Hey guys, thanks for responding...

Budman, '10/100 lan' is a 10/100Mbit lan (nic)... as we all know the gigabit lans I refer to are 10/100/1000Mbit.

My linksys 4 port router will only accommodate speeds of 10Mbit (half duplex) or 100Mbit (full duplex)... it doesn't have support for gigabit (that's not really an issue right now).

That being said, all of my computers are connected at 100Mbit (full duplex), so as Rudy mentioned above, I should be achieving speeds theoretically as high as 12,500kb/s (however I'd expect a real-world figure somewhere around 10,000kb/s). I'm transferring at about 1/5th of what I should be.

As I mentioned in the title of the topic, this is via an FTP connection. The ftp server serves internally (LAN) and externally (WAN). I am also running a samba server off of the ftp server (however at the point in time I noticed the slow xfer speeds via ftp, the samba server was not sharing anything). I am trying to transfer files between computers in the lan.

No server limits are enabled at all.

  joekr said:
Budman, '10/100 lan' is a 10/100Mbit lan (nic)...


Dude I knew what you meant :rofl: - my point was you can not be connected at both speeds at the same time.. stating you have 10/100 and 2 gig cards in your machines really tells me NOTHING...

If I tell you I have 10/100/1000 cards -- what "SPEED" are they connected at?

Great dude so you're running samba? Have you copied files using it? What are the speeds?

Grab Iperf and do some testing! And you still have not told us much of anything. At least now we know that all your machines are connected at 100mbit - before you told us they were 10/100 and gig ;) See my point? Why is getting any useful info always like pulling teeth around here? Is this slow ftp xfer both up and down?

Are you running QOS or Bandwidth shaping on this ftp server - on the client machine? What do you have your bandwidth limits set to?

If you're hitting a brick wall of 2000kb/s I would have to say you have some limit set.. be it in your ftp server software.. be it some bandwidth shaping, something.. Do you get these speeds from all other machines on your network?

If your ftp server is on box2, what are the xfer speeds between box1 and 3? using smbs, nfs, ftp, etc..

As to the speed you should be seeing on 100mbit, don't be surprised if you see less than 10KB.. but sure you should be getting faster than 2KB ;)

ftp: 194364383 bytes received in 16.58Seconds 11724.24Kbytes/sec.

ftp: 194364383 bytes sent in 16.89Seconds 11506.98Kbytes/sec.

That was from a 100mbit connected machine to my server, here is on a gig connected machine.

ftp: 194364383 bytes sent in 8.67Seconds 22415.45Kbytes/sec.

ftp: 194364383 bytes received in 8.61Seconds 22576.88Kbytes/sec.

Gig should xfer a lot faster than that ;) A simple test shows the line can support faster xfer.. so why is ftp only showing 22.5MB?

[1916] local 192.168.1.100 port 3457 connected with 192.168.1.2 port 5001

[ ID] Interval Transfer Bandwidth

[1916] 0.0-10.0 sec 388 MBytes 38.7 MBytes/sec

There are going to be other factors - overhead, how fast can the file be written or read, etc. But yes ftp between 2 machines on a 100mbit lan should be seeing speeds a lot faster than 2000 KB ;)

Did you not just recently ask how to change your MTU.. have you been playing ;)

So this server does serve both lan and wan connections.. What is your WAN connection speed? I would bet you have some Bandwidth limit set for QOS.. and this is limiting your LAN connections as well

  BudMan said:
Dude I knew what you meant  :rofl:  - my point was you can not be connected at both speeds at the same time..  stating you have 10/100 and 2 gig cards in your machines really tells me NOTHING...

My apologies... my intention was to let you know all of my nics are quite capable of connecting at a 100Mbit transfer rate... unfortunately I guess my intentions were wasted :|

  BudMan said:
Great dude so you're running samba?  Have you copied files using it?  What are the speeds?

Between 4Mbit/s and 8Mbit/s

  BudMan said:
Grab Iperf and do some testing!

Done. Iperf is set up on the serverbox and my primary desktop. I hope this is the information you were after (to verify the potential speeds the network is capable of in its current state)

joe@amd64box ~ $ sudo iperf -s amd64box
iperf: ignoring extra argument -- amd64box
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 192.168.1.101 port 5001 connected with 192.168.1.102 port 1360
[  4]  0.0-10.0 sec    112 MBytes  93.9 Mbits/sec
[  4] local 192.168.1.101 port 5001 connected with 192.168.1.102 port 1361
[  4]  0.0-10.0 sec    112 MBytes  93.8 Mbits/sec
[  4] local 192.168.1.101 port 5001 connected with 192.168.1.102 port 1362
[  4]  0.0-10.0 sec    112 MBytes  93.7 Mbits/sec
[  4] local 192.168.1.101 port 5001 connected with 192.168.1.102 port 1363
[  4]  0.0-10.0 sec    112 MBytes  93.9 Mbits/sec
[  4] local 192.168.1.101 port 5001 connected with 192.168.1.102 port 1364
[  4]  0.0-10.0 sec    112 MBytes  93.7 Mbits/sec

Although this is the first time using iperf, I can clearly see that the network is successfully connected at 100Mbit indicated by the speeds 93.9Mbits/sec, 93.8Mbits/sec, 93.7Mbits/sec, 93.9Mbits/sec, and 93.7Mbits/sec. If, however, this isn't the information you were after with iperf, I'm sure after a little more work I can supply the information you request.

  BudMan said:
And you still have not told us much of anything.  At least now we know that all your machines are connected at 100mbit - before you told us they were 10/100 and gig ;)  See my point?  Why is getting any useful info always like pulling teeth around here?

Woah, I can imagine being on your last nerves given some of the posts that get thrown around on these forums, but I DO believe enough information was provided in the first post/title. I provided enough evidence that all cards are capable of transmitting data at 100Mbit/s (the fact that I mentioned gigabit nics was to alert anyone reading that indeed all cards on my network are capable, if not more than capable transmitting data at 100Mbit/s). I mentioned that the lights on my router indicate full duplex connections across the board (again indicative that the LAN is operating at 100Mbit/s). And I also mentioned (in title) that I was referring to an FTP connection.

Now I can empathize that the effort required to 'pull teeth' (get info) is a little too much given some posters, but I still sincerely believe I provided enough info in the first post and subsequent second post. In fact, by running the iperf test I am only further asserting the 100Mbit/s connection status of my network and am nowhere nearer to a solution than I was in the first post (from first post: I'm assuming by the illuminated lights on my router that all lans are connected in full duplex mode.)

  BudMan said:
Is this slow ftp xfer both up and down?

Up and down.

  BudMan said:
Are you running QOS or Bandwidth shaping on this ftp server - on the client machine?  What do you have your bandwidth limits set to?

I haven't enforced any bandwidth limits on any of the computers or Lan myself. The FTP server doesn't have any transfer bandwidth limits initialized either.

  BudMan said:
If you're hitting a brick wall of 2000kb/s I would have to say you have some limit set.. be it in your ftp server software.. be it some bandwidth shaping, something.. Do you get these speeds from all other machines on your network?

If there is a limit set up somewhere, it's a limit I haven't configured. I'm open to the possibility of a limiting agent existing somewhere in the network, but I wouldn't know where to begin to diagnose where that limiting agent exists: router, server, or client workstations. The speeds are the same for all computers sending/receiving to/from any/all computers on the LAN.

  BudMan said:
If your ftp server is on box2, what are the xfer speeds between box1 and 3?  using smbs, nfs, ftp, etc..

Using samba, the speeds are between 4Mbit/s and 8Mbit/s. NFS and FTP don't apply given this specific circumstance.

  BudMan said:
Did you not just recently ask how to change your MTU.. have you been playing ;)

Yes I asked that. No, I haven't been playing. In fact I opted not to change my MTU given the advice I had received (in particular from yourself and raid... thanks to you both for the clear and concise heads up :yes:).

  BudMan said:
So this server does serve both lan and wan connections.. What is your WAN connection speed?  I would bet you have some Bandwidth limit set for QOS.. and this is limiting your LAN connections as well

Server serves LAN and WAN connections, however its WAN serving is severely limited to two guest accounts. When experiencing the slow xfer of 2000kb/s internally, the ftp server is idle externally (not serving guest accounts).


netstat -s

Ip:
    20322865 total packets received
    0 forwarded
    0 incoming packets discarded
    20322865 incoming packets delivered
    14114214 requests sent out
Icmp:
    4 ICMP messages received
    2 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 4
    4 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 4
Tcp:
    184 active connections openings
    869 passive connection openings
    2 failed connection attempts
    36 connection resets received
    7 connections established
    20181033 segments received
    14111570 segments send out
    2726 segments retransmited
    0 bad segments received.
    32 resets sent
Udp:
    3723 packets received
    0 packets to unknown port received.
    0 packet receive errors
    2640 packets sent
TcpExt:
    6 resets received for embryonic SYN_RECV sockets
    ArpFilter: 0
    478 TCP sockets finished time wait in fast timer
    13820 delayed acks sent
    57 delayed acks further delayed because of locked socket
    Quick ack mode was activated 86 times
    40 packets directly queued to recvmsg prequeue.
    16951751 packets header predicted
    TCPPureAcks: 345052
    TCPHPAcks: 2663365
    TCPRenoRecovery: 0
    TCPSackRecovery: 894
    TCPSACKReneging: 0
    TCPFACKReorder: 0
    TCPSACKReorder: 0
    TCPRenoReorder: 0
    TCPTSReorder: 0
    TCPFullUndo: 0
    TCPPartialUndo: 0
    TCPDSACKUndo: 0
    TCPLossUndo: 39
    TCPLoss: 5524
    TCPLostRetransmit: 0
    TCPRenoFailures: 0
    TCPSackFailures: 1
    TCPLossFailures: 0
    TCPFastRetrans: 2669
    TCPForwardRetrans: 2
    TCPSlowStartRetrans: 2
    TCPTimeouts: 46
    TCPRenoRecoveryFail: 0
    TCPSackRecoveryFail: 3
    TCPSchedulerFailed: 0
    TCPRcvCollapsed: 0
    TCPDSACKOldSent: 87
    TCPDSACKOfoSent: 0
    TCPDSACKRecv: 43
    TCPDSACKOfoRecv: 0
    TCPAbortOnSyn: 0
    TCPAbortOnData: 0
    TCPAbortOnClose: 2
    TCPAbortOnMemory: 0
    TCPAbortOnTimeout: 0
    TCPAbortOnLinger: 0
    TCPAbortFailed: 0
    TCPMemoryPressures: 0

Edit: I forgot to mention that my WAN is capped at 5Mbit recv, and 1Mbit send.

Edit2: It seems as I've posted some inaccurate numbers (it's early :p) in the post immediately above this one... to the question:

  Quote
Great dude so your running samba?  Have you copied files using it?  What are the speeds?

The correct answer is between 6 megabytes/s - 8 megabytes/s

Also,

  Quote
If your ftp server is on box2, what is the xfer speeds between box1 and 3?  using smbs, nfs, ftp, etc..

The correct answer is between 6 megabytes/s - 8 megabytes/s


GREAT!!! Lots of INFO! ;) Ok, so we now know that your network is capable of the 100mbit "iperf" And that you are seeing about normal xfer speeds using samba.. This tells us there is not some disk speed bottleneck, and that the limit seems to be only ftp..

Some testing between other machines on FTP could be useful.. this could help point you to where there is something limiting.. You say speeds are all the same between machines on the lan.. but this is all to the server?

both machine1 and 2 are limited at 2000 KB to the server.. are they also limited on ftp between themselves.. if they ftp at normal speeds between themselves, then it clearly points to an issue with the server.. If they are limited.. then it points to something on the client limiting or the switch (what model of linksys router do you have - I know the RT042 has QOS support out of the box)

Also - some speed testing from the server to the wan could be helpful info.. Can the server ftp download at its rated 5mbit -- or are you being limited to 2000 KB, what are you seeing on an upload from that server to an outside ftp server? What speeds do your machines see when they ftp to outside servers?

What ftp server and even client software are you using? There are many choices for both vsftpd, pureftpd, proftpd, wuftpd, ncftpd. Is the limit an actual brick wall at 2000 KB, or are your xfers around that number.. say 1982, or 2056, 1948, etc.. Does the speed move around - or does it go straight to the 2000KB wall - and stay steady?

Do you get the exact same issue with different client or server software? And also - just to be clear, we are talking just plain ole ftp here.. Not over SSL, or through a ssh tunnel or really sftp or even scp? Encryption can put a hit on your bandwidth..

Here is a sftp xfer to that same gig connected server - which gave 22,000 KB on ftp before ;)

185.36 MB transferred in 44.26 seconds (4288.12 KB/s)

Just the cipher used with your encryption can make a big difference.. Using blowfish vs AES128

185.36 MB transferred in 34.72 seconds (5467.25 KB/s)

Depending on what cipher, compression level, etc.

185.36 MB transferred in 72.28 seconds (2626.07 KB/s)

That is on a GIG connected machine - which you saw before can do 38.7 MBytes/sec.. So I could see quite easy on a 100mbit using sftp with certain ciphers, compression, etc.. you only getting 2000 KB/s

I'll specifically respond to each question/suggestion (from your immediately last post) in due order, however I'd like to bring up some ideas I've had as to the problem.

OK, first of all I've solved the speed cap issue (albeit now something else is broken). Initially I studied this page which outlines the mod_shaper command module (specifically the section titled ShaperAll). I added ShaperAll rate 10000 into my conf file however the 2000kb/s cap remained to be functioning. Further, I added several arguments to the ShaperAll command yet I was still unsuccessful at eliminating the cap (however through some tests I was able to downgrade the cap to under 100k, for example :x).

After some more research into my server's setup, I saw I didn't have shaper support compiled into Proftpd (;)). So I compiled it in and still no luck. I have since reverted back to a shaper-less proftpd.

So I started playing with my .conf file... here is a copy of it in its initial form:

ServerName                      "joe's ftp running on gentoo"
Bind                            "192.168.1.102"
ServerType                      standalone
DefaultServer                   on

Port                            7001
PassivePorts                    60000 61000
MasqueradeAddress               70.25.246.53

Umask                           022

MaxInstances                    30
MaxLoginAttempts                3
TimeoutLogin                    30
TimeoutNoTransfer               60
TimeoutIdle                     60

User                            proftpd
Group                           proftpd

DefaultRoot ~
RequireValidShell off
DefaultTransferMode             binary
AllowForeignAddress on
AllowRetrieveRestart            on
AllowStoreRestart on
TransferRate RETR 0
TransferRate STOR 0
TransferRate STOU 0
TransferRate APPE 0
AllowOverwrite          on

<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
  # Limit the maximum number of anonymous logins
#  MaxClients                   10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
#  DisplayLogin                 welcome.msg
#  DisplayFirstChdir            .message
  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>

<Anonymous ~big>
  User                 big
  Group                 ftp
  AnonRequirePassword on
  MaxClients 10 "The server is full, hosting %m users"
  UserAlias           private big
  UserAlias           upload big
  AllowOverwrite on
  MaxClients          10

  DisplayLogin        welcome.msg
  DisplayFirstChdir   .message

  <Limit WRITE>
     Deny from all
  </Limit>

  <Directory incoming>
    <Limit READ WRITE DIRS STOR CWD CDUP>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>

So I commented out masqueradeaddres 70.x.x.x... 'Lo and behold... CAP REMOVED :cool: I'm now up/downloading files at 11219kb/s (quite a healthy transfer rate if I don't say so myself :cool:)...

... however now external transfers are wobbly: outbound speeds are unstable and unsteady ranging from 60kb/s-80kb/s... before commenting out the MasqueradeAddress, the server was quite capable of a steady and stable 100kb/s.

I've checked out this resource which explains many of the directives used in the proftpd.conf file. It is my understanding the MasqueradeAddress option is there to specify an ip address so that connecting users don't see the server's internal ip... now my initial problem was beginning to come into focus: although still connecting internally (via LAN) to the ftp server, my client was being tricked into thinking I was connecting to a server outside of the LAN (or at least this is what I am thinking).

So right now I'm somewhere in the process of playing around with integer/string values using the directives outlined in the link above to come up with the proper combination of directives in my conf file to allow speedy internal file transfers and stable/maxed-out external transfers. Specifically, I'm trying different values of the bind directive, defaultserver, default address, and MasqueradeAddress. It is my understanding that the default address is the internal IP of the ftpserver, the bind address should be (?) the router's external ip, and the MasqueradeAddress should be the external ip of the router.

Perhaps if I can come up with the correct combination of directives, I'll be able to specify a path for the data to follow which will allow for fast, stable, and maxed-out connections for both internal and external connections.

Bud, if you can offer any insight I'd love to hear it... I've run some iperf tests using other computers on the network and everything seems to be in working order. Also worth mention is that ftping to the xbox (remember that modded xbox's are outfitted with ftp server software) works at full speed.

Well I am not a ProFTPd user - I have run it before, but have not looked into it in quite some time.. I really do not run ftp servers to the public.. All of my inbound external access is sftp.. I only use ftp internal, or from work I do grab from my home server using ftp.. but it's locked down by IP address, and then that is vsftpd - which I have never had any problems with..

I'll take a look, and see if anything jumps out at me.. But right off the bat, setting the MasqueradeAddress should really have nothing to do with external speed..

I would think stable xfer at 100kb was more due to some shaping that was going on.. I want to verify that I got this right --> you're now running a NON shaping version of proftpd? And when you have a MasqueradeAddress set to your external address your xfer is stable at 100kb, but when you take it out - it fluctuates between 60 and 80? Really? But your internal xfers are now in the 11,000 KB range with it set or not set?

MasqueradeAddress should only be a concern with passive mode ftp.. IE the server is telling the client what port to connect to, if it gave out a private address - that would never work ;) If your users are using active, then that should be moot?

Until you figure out the actual details of your issue - I would think a simple work around would be to create different configurations.. Can you not run proftpd on multiple IPs? On the Private IP address that your local users use - you have NO need for the MasqueradeAddress.. So for the instance of proftpd that listens on say IP address 192.168.1.100 - do not use it.. Then on the one that listens on 192.168.1.101 that you forward your ftp traffic from your router to, set the MasqueradeAddress..

Another option could be to set the MasqueradeAddress to the FQDN of your external address vs some IP address.. And just make sure your internal machines resolve this address to the private IP address of your server..

When you set up a MasqueradeAddress - and your internal client connects using passive.. He will be told some port to connect to on this OUTside address.. so to go to that address, he has to talk to your gateway - linksys router.... then the router has to do loopback.. Not sure how well you understand passive vs active ftp - but here is a good link with the basics http://slacksite.com/other/ftp.html

Another method would be to just use active connections internal - since I could see no reason to use passive on an internal connection with no natting going on, or firewall rules to worry about.

But I was right about some type of shaping being your issue? :whistle:


Thanks for the feedback. I've opted to switch to vsftpd myself. These haven't been the first issues I've had with proftpd, nor would they be the last if I continued to use it. Thanks for your help.


So how is that working? Are your speed issues gone - both internal and external?

The external speeds are tight/high again (:)), and the internal speeds are capped again :|

I'm looking into setting up a 2nd virtual address much like you suggested which would be a dedicated external ftp server...

Although I don't quite consider myself a noob, I can't wrap my head around why a server (on my network) does well externally yet poor internally :|

local_enable=YES
local_umask=022
write_enable=YES
anonymous_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=NO
ascii_download_enable=NO
nopriv_user=ftp
dirmessage_enable=YES
ftpd_banner=Your Banner Goes Here
chroot_list_enable=NO
chroot_local_user=YES
background=YES
listen=YES
ls_recurse_enable=NO
pasv_min_port=60000
pasv_max_port=61000
listen_port=7001
pasv_address=70.25.246.53
pasv_promiscuous=YES

So far vsftpd seems friendlier to manage, however I'll reserve my opinion on it until I can get a fair amount of uptime going...

Dude it could be quite a few things.. But I thought I went over this already.. If your ftp software is telling your internal machine to connect to some OUTSIDE address, ie what you have posted -- 70.25.246.53

Then instead of your machine just TALKING to the server on 192.168.1.X from 192.168.1.Y to handle FTP.. he has to talk to your gateway 192.168.1.Z - since you told him to go to this 70.25.246.53 address on some port between 60000 and 61000.. Your gateway "linksys router" then says - oh wait that's my external address.. and I am supposed to forward those ports to 192.168.1.X

have your internal machines use ACTIVE ftp so that they are only talking to the 192.168.1.X "internal address" of your machine - and do not get told to talk to some external address - which would have to go through your router.. Loopback forwarding does work on some routers - but it sure ain't going to be fast ;) The link I gave for active ftp clearly goes over the differences between active and passive ftp.. I would suggest you go over it..

Since you say your not using any bandwidth shaping.. and the symptom went away when;

"So I commented out masqueradeaddres 70.x.x.x... 'Lo and behold... CAP REMOVED"

The only thing that makes sense is your internal machines are talking to this 70 address - which sure ain't going to be as fast as talking directly to its private address..

I just checked out the link you provided... it was very clear and concise. At least now I think I'm heading in the right direction... as you have suggested I am going to begin setting up an active ftp for home ftp'ing.

After reading

  Quote
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for this file at the location /etc/vsftpd.conf. However, you may override this by specifying a command line argument to vsftpd. The command line argument is the pathname of the configuration file for vsftpd. This behaviour is useful because you may wish to use an advanced inetd such as xinetd to launch vsftpd with different configuration files on a per virtual host basis.

... I'm assuming using inetd won't allow me to launch two vsftpd's with different configurations... so I'll have to research xinetd and what changing over will affect.

Thanks budman... your patience and effort are greatly appreciated... if you have any other advice I'm eager to hear it... take care

joe

dude you really should not have to setup anything.. just tell your ftp client to use ACTIVE vs passive ;) I am fairly sure vsftpd allows for active connections with a default config? Use a ftp client that logs your connection to be sure..

< 227 Entering Passive Mode (x,x,x,x,105,102)

Here is an active connection to the same machine

> PORT 10,40,0,21,203,71

< 200 PORT command successful.

You can tell what port is being used by taking the first number x 256 + the second number.. So you have in the passive connection port 26982 and in the active connection the ftp server is connecting back to me from 20 to port 52039

Quite a few clients default to using passive mode.. Just have it use active to connect to your internal server - and use its internal IP address to connect.. Or a name that resolves to its internal IP.
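Added example (not part of the original posts, and not code from vsftpd or any FTP client): a small Python checker that decodes the PORT and 227 tuples discussed above and compares each data endpoint with the control connection's own addresses. The function names, the 192.168.1.0/24 LAN and the passive sample line (built from the pasv_address and port range posted in this thread) are assumptions made for illustration.

```python
"""Decode FTP data-channel endpoints and compare them with the control connection."""
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT commands and 227 replies (RFC 959).
TUPLE_RE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    text = line.strip().lstrip("<> ")      # drop client-log direction markers
    if text.upper().startswith("PORT "):
        mode = "active"                    # client tells the server where to connect
    elif text.startswith("227 "):
        mode = "passive"                   # server tells the client where to connect
    else:
        return None
    match = TUPLE_RE.search(text)
    if match is None:
        return None                        # e.g. a redacted "(x,x,x,x,105,102)"
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]         # first number x 256 + second number
    return mode, ip, port


def audit_session(client_ip, server_ip, lines, lan="192.168.1.0/24"):
    """Classify every data endpoint seen in one control-connection log.

    direct      - data goes to the same host the control connection uses
    via-gateway - passive reply advertises an address outside the LAN, so a
                  LAN client has to send its data through the router
    mismatch    - any other address; for PORT this is the case vsftpd
                  refuses unless port_promiscuous=YES
    """
    network = ipaddress.ip_network(lan)    # assumed LAN range
    findings = []
    for line in lines:
        endpoint = decode_endpoint(line)
        if endpoint is None:
            continue
        mode, ip, port = endpoint
        expected = server_ip if mode == "passive" else client_ip
        if ip == expected:
            verdict = "direct"
        elif mode == "passive" and ipaddress.ip_address(ip) not in network:
            verdict = "via-gateway"
        else:
            verdict = "mismatch"
        findings.append({"mode": mode, "ip": ip, "port": port, "verdict": verdict})
    return findings


# Constructed sample: LAN client in passive mode against a server whose
# pasv_address is the external address posted in this thread.
PASSIVE_LOG = [
    "PASV",
    "227 Entering Passive Mode (70,25,246,53,234,100)",
]

# Constructed sample: the same LAN client switched to active mode.
ACTIVE_LOG = [
    "PORT 192,168,1,101,128,2",
    "200 PORT command successful. Consider using PASV.",
]

if __name__ == "__main__":
    for name, log in (("passive", PASSIVE_LOG), ("active", ACTIVE_LOG)):
        for finding in audit_session("192.168.1.101", "192.168.1.102", log):
            print(name, finding)
```

Run against a client's connection log, a "via-gateway" verdict on a LAN transfer points at the masquerade/pasv_address setting rather than at any bandwidth limit.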

  BudMan said:
dude you really should not have to setup anything.. just tell your ftp client to use ACTIVE vs passive ;)  I am fairly sure vsftpd allows for active connections with a default config?  Use a ftp client that logs your connection to be sure..

By setting vsftpd to active, won't that bork external connections, which IIRC (which I may not :p) require passv to be enabled because I am behind a router?

you're not setting vsftpd to not allow passive - just set your local "CLIENTS" to use active.. What ftp client are you using? I'll give you a picture on how to make it use active.. ;)

edit: just use the command line windows FTP client, it should make active connections by default.. here is a sniff of login to my home server..

220 (vsFTPd 2.0.3)

USER *****

331 Please specify the password.

PASS *****

230 Login successful.

PORT 10,40,0,21,204,253

200 PORT command successful. Consider using PASV.

NLST

150 Here comes the directory listing.

226 Directory send OK.

QUIT

221 Goodbye.

Active connection - see the port command telling the server to connect to me on 10.40.0.21 (port would be 204*256+253)

This works through our router - because it is smart enough to open that up since I went out on 21, etc.. depending on your router this may or may not work.. But you do not need to worry about it - since your clients and server are on the same lan..

Here this might help some more - http://www.allaboutjake.com/network/linksys/ftp.html


:blush: Budman your patience is uncanny... I've certainly helped people who were as dense as I appear to be right now...

I'm using vsftpd now... I'm currently using this configuration

local_enable=YES
local_umask=022
write_enable=YES
anonymous_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=NO
ascii_download_enable=NO
nopriv_user=ftp
dirmessage_enable=YES
ftpd_banner=Your Banner Goes Here
chroot_list_enable=NO
chroot_local_user=YES
background=YES
listen=YES
ls_recurse_enable=NO
pasv_min_port=60000
pasv_max_port=61000
listen_port=7001
pasv_address=70.25.246.53
pasv_promiscuous=YES

gftp - dude that will do sftp.. Are you sure you're not using sftp.. this would also explain slow xfer - due to the encryption overhead.. Do you have a windows box to test from? I am at work - and do not have access to a linux machine.. Oh wait, I can access my ubuntu box remotely - give me a sec.. and I'll take a look.. I do not use gftp that often..

Here is the traffic coming back from that port command before;

Frame 57 (74 bytes on wire, 74 bytes captured)

Ethernet II, Src: 00:11:5d:46:a0:0a, Dst: 00:11:43:9c:86:6c

Internet Protocol, Src Addr: <snipped>, Dst Addr: 10.40.0.21 (10.40.0.21)

Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 52477 (52477), Seq: 0, Ack: 0, Len: 0

As you can see my ftp server is talking from port 20 to the 204*256+253 port - or 52477.. this is an ACTIVE connection.

ok this is easier - if you really need a picture ;)

Looks like by default gFTP uses passive - here is how to turn it off..

2.2. When gFTP tries to get the remote directory listing, I receive the error: Cannot create a data connection: Connection refused

Go under FTP->Options->FTP and turn off passive file transfers. Instead of sending the PASV command to open up the data connection on the server side, the data connection will be opened up on the client side, and the PORT command will be sent to the server instead.


I'm 100% sure I'm not using ftps...

... a light bulb has finally 'gone off' in my head :yes: (... I guess that's what happens when you forget to pay the hydro :p)

I connected to the server via the local address 192.168.1.102 and disabled passv transfers (in the client for this specific connection)... now speeds are ~10000kb/s for local transfers... and good news is that my external transfer speed is still super fast :D

Thanks for everything budman, I appreciate it :yes: :pinch: :blush: :rofl: :yes:

Looking up 192.168.1.102
Trying 192.168.1.102:7001
Connected to 192.168.1.102:7001
220 Your Banner Goes Here
USER big

331 Please specify the password.
PASS xxxx
230 Login successful.
SYST

215 UNIX Type: L8
TYPE I

200 Switching to Binary mode.
CWD /

250 Directory successfully changed.
Loading directory listing / from server (LC_TIME=C)
PORT 192,168,1,101,128,2

200 PORT command successful. Consider using PASV.
LIST -aL
