ftp login very slow

Discussion in 'Installation/Configuration' started by dimas, Aug 25, 2006.

  1. dimas

    dimas Member

    I have two servers configured according to the 'perfect setup' (both are Debian Sarge, ispconfig 2.2.6)

    Everything works great - the only problem is the slow ftp access. In fact, it takes up to 15 seconds to log in to any ftp account on both servers (from any other computer). The delay happens after the message "Socket connected. Waiting for welcome message..." is displayed.

    Here is a part of the cuteftp log - as you can see, this time it took 10 seconds to log in.

    STATUS:> [25.08.2006 16:33:10] Getting listing ""...
    STATUS:> [25.08.2006 16:33:10] Resolving host name studiograd.com...
    STATUS:> [25.08.2006 16:33:10] Host name studiograd.com resolved: ip =
    STATUS:> [25.08.2006 16:33:10] Connecting to FTP server... studiograd.com:21 (ip =
    STATUS:> [25.08.2006 16:33:10] Socket connected. Waiting for welcome message...
    [25.08.2006 16:33:20] 220 ProFTPD 1.2.10 Server (Debian) []
    STATUS:> [25.08.2006 16:33:20] Connected. Authenticating...

    I thought it was a firewall issue - but no, it happens all the same even if the firewall is disabled.

    Please help - is there something I can do to speed this up?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Plese check that you have these two lines in your /etc/proftpd.conf file:

    IdentLookups off
    UseReverseDNS off

    and no other occurences of these two config options.
  3. dimas

    dimas Member

    Thank you for your advice, but unfortunately it did not help.

    IdentLookups off was already in my config file, so I only added UseReverseDNS off - but it changed nothing. Still 10 seconds. (I even restarted the server for good measure).

    I also uncommented the line DelayEngine off (in the hope that this is the cause of the problem) - but it didn't help either.

    Here is my proftpd.conf (comments are stripped):
    ServerName "Debian"
    ServerType standalone
    DeferWelcome off
    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on
    TimeoutNoTransfer 600
    TimeoutStalled 600
    TimeoutIdle 1200
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    ListOptions "-l"
    DenyFilter \*.*/
    Port 21
    MaxInstances 50
    User nobody
    Group nogroup
    Umask 022 022
    AllowOverwrite on
    DelayEngine off
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    UseReverseDNS off
    Include /etc/proftpd_ispconfig.conf
  4. edge

    edge Active Member Moderator

    Not sure if this will help, but it's worth a try..
    If you have a firewall running, turn it off and see if the login is faster.

    Make sure you turn the firewall on again after testing, and report back the results..
  5. dimas

    dimas Member

    I already tried it with the firewall on and off - there's no difference...
  6. falko

    falko Super Moderator ISPConfig Developer

  7. dimas

    dimas Member

    Thank you for your help, but still the problem persists. I tried both active and passive transfers (I even used different ftp clients) - but it's always 10 seconds after "Socket connected.Waiting for welcome message..." It may not seem like a big problem, but in fact it quickly gets very frustrating if you test a site and have to frequenly upload files to see how they look on the server... (By the way, even if I don't disconnect, there's a 10 seconds pause before I can upload some new files). Also I have to think about my clients who will not be happy :( Anyway, thank you for your help, I'll keep trying to find the cause of this.

    STATUS:> [26.08.2006 17:15:55] Socket connected. Waiting for welcome message...
    [26.08.2006 17:16:05] 220 ProFTPD 1.2.10 Server (Debian) []
    STATUS:> [26.08.2006 17:16:05] Connected. Authenticating...
    Last edited: Aug 26, 2006
  8. dimas

    dimas Member

    I'm coming closer to a solution, but questions still remain...

    First of all, I can now log in without any delays if the firewall on my CLIENT pc is totally disabled. I didn't try it before because my client pc could log in to other ftp servers without delays.

    Well, now I know that the problem lies in the relationship between proftpd server and my windows xp sp-2 built-in firewall.

    Strangely enough, there are no delays ONLY if the client firewall is totally disabled. With the client firewall switched on there is always a 10-second delay (even though I opened ports 20,21 and 60000-60005 in my client firewall).

    What other ports do I need to open in my client firewall? And why is it that my client firewall produces delays ONLY with proftpd, not with other ftp servers?
  9. dimas

    dimas Member

    I have found out (by studying c:/windows/pfirewall.log) that the client pc port that needs to be opened is 113. Indeed, once it is opened, there are no delays. So now everything is OK, but...

    I can't say that it is an easy decision to tell every client who has windows xp sp-2 to open this port on their computers in order to work comfortably. I repeat that with this port closed other ftp servers can be reached without delays.

    So - I wonder is there a way to configure proftpd so that client pcs with port 113 closed could work without delays...
  10. dimas

    dimas Member

    I have the answer finally, after many hours of searching, trial and error...

    Of course, the answer is very simple.

    The 'perfect setup' howto says that the following lines should be added to proftpd.conf:

    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."


    So actually it should be like this:
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."

    Then everything will be OK - now there is no need to open port 113 on client pcs.

    I hope this solution will help somebody.
  11. edge

    edge Active Member Moderator

    I've just tested it on my Debian system, and it does make the login faster (I did have a timeout about 4 sec to get connected to the server).

    Now when I connect it's connected straight away!

    Small note: the UseReverseDNS off does NOT work within the <Global></Global> tag!
    kudos to dimas :)
  12. 3cwired_com

    3cwired_com New Member

    Wow, I am pleased with how well that works, and how simple it was, because I too was pulling my hair out in an attempt to find a working fix for this. :D
  13. mickeb

    mickeb New Member

    Thanks a lot! it helped me, now the ftp is very fast! Lol i cant image how simple the solution was, any idea why the <Global> make things go smoother?
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    If a config setting is set as <global>, it will affect also virtual FTP hosts and ISPConfig creates a virtual FTP host for every IP address.
  15. mickeb

    mickeb New Member

    Im trying to understand this, if it affect virtual FTP hosts and ISPConfig create a virtual FTP host for every IP is it good or bad? im having a hard time understand. Sorry please explain. Is Global not good for security reasons?
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    The global setting has nothing to do with security and is neither good nor bad. It just defines the scope of the setting that is within the global tags.
  17. rootnovato

    rootnovato New Member

    I just want to say that I had the same problem and this instructions have fixed it.

    Thanks a lot man!! ;)
  18. keerekeerweere

    keerekeerweere New Member

    Just wanted to thank you for finding the solution.

    thanks a lot !
  19. mickeb

    mickeb New Member

    Thanks a lot Till, your knowledge are amazing!!!!! I want be as good as you some day :p
  20. Numerizen

    Numerizen Member HowtoForge Supporter

    Thanks a lot guys. Been searching about this for a few days. Now the login is lightning fast.

    This answer is seldom known, as I didn't found it on any other forum.

Share This Page