I have two servers configured according to the 'perfect setup' (both are Debian Sarge, ispconfig 2.2.6)

Everything works great - the only problem is the slow ftp access. In fact, it takes up to 15 seconds to log in to any ftp account on both servers (from any other computer). The delay happens after the message "Socket connected. Waiting for welcome message..." is displayed.

Here is a part of the cuteftp log - as you can see, this time it took 10 seconds to log in.

STATUS:> [25.08.2006 16:33:10] Getting listing ""...
STATUS:> [25.08.2006 16:33:10] Resolving host name studiograd.com...
STATUS:> [25.08.2006 16:33:10] Host name studiograd.com resolved: ip = 85.249.237.53.
STATUS:> [25.08.2006 16:33:10] Connecting to FTP server... studiograd.com:21 (ip = 85.249.237.53)...
STATUS:> [25.08.2006 16:33:10] Socket connected. Waiting for welcome message...
[25.08.2006 16:33:20] 220 ProFTPD 1.2.10 Server (Debian) [85.249.237.53]
STATUS:> [25.08.2006 16:33:20] Connected. Authenticating...

I thought it was a firewall issue - but no, it happens all the same even if the firewall is disabled.

Please help - is there something I can do to speed this up?

Plese check that you have these two lines in your /etc/proftpd.conf file:

IdentLookups off
UseReverseDNS off

and no other occurences of these two config options.

Thank you for your advice, but unfortunately it did not help.

IdentLookups off was already in my config file, so I only added UseReverseDNS off - but it changed nothing. Still 10 seconds. (I even restarted the server for good measure).

I also uncommented the line DelayEngine off (in the hope that this is the cause of the problem) - but it didn't help either.

Here is my proftpd.conf (comments are stripped):
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
Port 21
MaxInstances 50
User nobody
Group nogroup
Umask 022 022
AllowOverwrite on
DelayEngine off
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
UseReverseDNS off
Include /etc/proftpd_ispconfig.conf

Not sure if this will help, but it's worth a try..
If you have a firewall running, turn it off and see if the login is faster.

Make sure you turn the firewall on again after testing, and report back the results..

I already tried it with the firewall on and off - there's no difference...

Did you try with both active and passive transfers in your FTP client?
This thread might also be of interest: http://www.howtoforge.com/forums/showthread.php?t=6104&highlight=60000

Thank you for your help, but still the problem persists. I tried both active and passive transfers (I even used different ftp clients) - but it's always 10 seconds after "Socket connected.Waiting for welcome message..." It may not seem like a big problem, but in fact it quickly gets very frustrating if you test a site and have to frequenly upload files to see how they look on the server... (By the way, even if I don't disconnect, there's a 10 seconds pause before I can upload some new files). Also I have to think about my clients who will not be happy :( Anyway, thank you for your help, I'll keep trying to find the cause of this.

STATUS:> [26.08.2006 17:15:55] Socket connected. Waiting for welcome message...
[26.08.2006 17:16:05] 220 ProFTPD 1.2.10 Server (Debian) [85.249.237.53]
STATUS:> [26.08.2006 17:16:05] Connected. Authenticating...

I'm coming closer to a solution, but questions still remain...

First of all, I can now log in without any delays if the firewall on my CLIENT pc is totally disabled. I didn't try it before because my client pc could log in to other ftp servers without delays.

Well, now I know that the problem lies in the relationship between proftpd server and my windows xp sp-2 built-in firewall.

Strangely enough, there are no delays ONLY if the client firewall is totally disabled. With the client firewall switched on there is always a 10-second delay (even though I opened ports 20,21 and 60000-60005 in my client firewall).

What other ports do I need to open in my client firewall? And why is it that my client firewall produces delays ONLY with proftpd, not with other ftp servers?

I have found out (by studying c:/windows/pfirewall.log) that the client pc port that needs to be opened is 113. Indeed, once it is opened, there are no delays. So now everything is OK, but...

I can't say that it is an easy decision to tell every client who has windows xp sp-2 to open this port on their computers in order to work comfortably. I repeat that with this port closed other ftp servers can be reached without delays.

So - I wonder is there a way to configure proftpd so that client pcs with port 113 closed could work without delays...

I have the answer finally, after many hours of searching, trial and error...

Of course, the answer is very simple.

The 'perfect setup' howto says that the following lines should be added to proftpd.conf:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

BUT IF ADDED LIKE THIS, THE CHANGES WILL NOT AFFECT THE VIRTUAL HOSTS!

So actually it should be like this:
<Global>
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
</Global>

Then everything will be OK - now there is no need to open port 113 on client pcs.

I hope this solution will help somebody.

I've just tested it on my Debian system, and it does make the login faster (I did have a timeout about 4 sec to get connected to the server).

Now when I connect it's connected straight away!

Small note: the UseReverseDNS off does NOT work within the <Global></Global> tag!
Fatal: UseReverseDNS: directive not allowed in <Global> context...

kudos to dimas :-)

Wow, I am pleased with how well that works, and how simple it was, because I too was pulling my hair out in an attempt to find a working fix for this. :D

Thanks a lot! it helped me, now the ftp is very fast! Lol i cant image how simple the solution was, any idea why the <Global> make things go smoother?

If a config setting is set as <global>, it will affect also virtual FTP hosts and ISPConfig creates a virtual FTP host for every IP address.

If a config setting is set as <global>, it will affect also virtual FTP hosts and ISPConfig creates a virtual FTP host for every IP address.


Im trying to understand this, if it affect virtual FTP hosts and ISPConfig create a virtual FTP host for every IP is it good or bad? im having a hard time understand. Sorry please explain. Is Global not good for security reasons?

The global setting has nothing to do with security and is neither good nor bad. It just defines the scope of the setting that is within the global tags.

I have the answer finally, after many hours of searching, trial and error...

Of course, the answer is very simple.

The 'perfect setup' howto says that the following lines should be added to proftpd.conf:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

BUT IF ADDED LIKE THIS, THE CHANGES WILL NOT AFFECT THE VIRTUAL HOSTS!

So actually it should be like this:
<Global>
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
</Global>

Then everything will be OK - now there is no need to open port 113 on client pcs.

I hope this solution will help somebody.

I just want to say that I had the same problem and this instructions have fixed it.

Thanks a lot man!! ;)

Just wanted to thank you for finding the solution.

thanks a lot !

Thanks a lot Till, your knowledge are amazing!!!!! I want be as good as you some day :P

Thanks a lot guys. Been searching about this for a few days. Now the login is lightning fast.

This answer is seldom known, as I didn't found it on any other forum.

Thanks!!! IT WORKS!