ftp login very slow

[dimas]

I have two servers configured according to the 'perfect setup' (both are Debian Sarge, ispconfig 2.2.6)

Everything works great - the only problem is the slow ftp access. In fact, it takes up to 15 seconds to log in to any ftp account on both servers (from any other computer). The delay happens after the message "Socket connected. Waiting for welcome message..." is displayed.

Here is a part of the cuteftp log - as you can see, this time it took 10 seconds to log in.

STATUS:> [25.08.2006 16:33:10] Getting listing ""...
STATUS:> [25.08.2006 16:33:10] Resolving host name studiograd.com...
STATUS:> [25.08.2006 16:33:10] Host name studiograd.com resolved: ip = 85.249.237.53.
STATUS:> [25.08.2006 16:33:10] Connecting to FTP server... studiograd.com:21 (ip = 85.249.237.53)...
STATUS:> [25.08.2006 16:33:10] Socket connected. Waiting for welcome message...
[25.08.2006 16:33:20] 220 ProFTPD 1.2.10 Server (Debian) [85.249.237.53]
STATUS:> [25.08.2006 16:33:20] Connected. Authenticating...

I thought it was a firewall issue - but no, it happens all the same even if the firewall is disabled.

Please help - is there something I can do to speed this up?

[till]

Plese check that you have these two lines in your /etc/proftpd.conf file:

IdentLookups off
UseReverseDNS off

and no other occurences of these two config options.

[dimas]

Thank you for your advice, but unfortunately it did not help.

IdentLookups off was already in my config file, so I only added UseReverseDNS off - but it changed nothing. Still 10 seconds. (I even restarted the server for good measure).

I also uncommented the line DelayEngine off (in the hope that this is the cause of the problem) - but it didn't help either.

Here is my proftpd.conf (comments are stripped):
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
Port 21
MaxInstances 50
User nobody
Group nogroup
Umask 022 022
AllowOverwrite on
DelayEngine off
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
UseReverseDNS off
Include /etc/proftpd_ispconfig.conf

[edge]

Not sure if this will help, but it's worth a try..
If you have a firewall running, turn it off and see if the login is faster.

Make sure you turn the firewall on again after testing, and report back the results..

[dimas]

I already tried it with the firewall on and off - there's no difference...

[falko]

Did you try with both active and passive transfers in your FTP client?
This thread might also be of interest: http://www.howtoforge.com/forums/sho...ighlight=60000

[dimas]

Thank you for your help, but still the problem persists. I tried both active and passive transfers (I even used different ftp clients) - but it's always 10 seconds after "Socket connected.Waiting for welcome message..." It may not seem like a big problem, but in fact it quickly gets very frustrating if you test a site and have to frequenly upload files to see how they look on the server... (By the way, even if I don't disconnect, there's a 10 seconds pause before I can upload some new files). Also I have to think about my clients who will not be happy Anyway, thank you for your help, I'll keep trying to find the cause of this.

STATUS:> [26.08.2006 17:15:55] Socket connected. Waiting for welcome message...
[26.08.2006 17:16:05] 220 ProFTPD 1.2.10 Server (Debian) [85.249.237.53]
STATUS:> [26.08.2006 17:16:05] Connected. Authenticating...

[dimas]

I'm coming closer to a solution, but questions still remain...

First of all, I can now log in without any delays if the firewall on my CLIENT pc is totally disabled. I didn't try it before because my client pc could log in to other ftp servers without delays.

Well, now I know that the problem lies in the relationship between proftpd server and my windows xp sp-2 built-in firewall.

Strangely enough, there are no delays ONLY if the client firewall is totally disabled. With the client firewall switched on there is always a 10-second delay (even though I opened ports 20,21 and 60000-60005 in my client firewall).

What other ports do I need to open in my client firewall? And why is it that my client firewall produces delays ONLY with proftpd, not with other ftp servers?

[dimas]

I have found out (by studying c:/windows/pfirewall.log) that the client pc port that needs to be opened is 113. Indeed, once it is opened, there are no delays. So now everything is OK, but...

I can't say that it is an easy decision to tell every client who has windows xp sp-2 to open this port on their computers in order to work comfortably. I repeat that with this port closed other ftp servers can be reached without delays.

So - I wonder is there a way to configure proftpd so that client pcs with port 113 closed could work without delays...

[dimas]

I have the answer finally, after many hours of searching, trial and error...

Of course, the answer is very simple.

The 'perfect setup' howto says that the following lines should be added to proftpd.conf:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

BUT IF ADDED LIKE THIS, THE CHANGES WILL NOT AFFECT THE VIRTUAL HOSTS!

So actually it should be like this:
<Global>
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
</Global>

Then everything will be OK - now there is no need to open port 113 on client pcs.

I hope this solution will help somebody.