Problem with bad pf performance!

Recently, I tried to upload thousands of files through FTP. But when my pf firewall is enabled, the upload always gets stuck, and I need to reconnect several times to successfully upload the remaining files, again and again.
When I disable pf, everything goes fine and the upload is very fast.

Does that mean pf is stuck?
Should I try another firewall instead?
 
This is my FTP setting inside pf.conf:

Code:
ftp_ctl_port = "2221"
ftp_pasv_ports = "60000 >< 60100"
ftp_act_port = "20"

#FTP
pass in quick on $ftp_if proto tcp from $ftp_access_list to $ftp_ips port $ftp_ctl_port keep state
#for passive mode
pass in quick on $ftp_if proto tcp from $ftp_access_list to $ftp_ips port $ftp_pasv_ports keep state
#for active mode
pass out quick on $ftp_if proto tcp from $ftp_ips port $ftp_act_port to $ftp_access_list keep state
 
Have you instructed ftpd to specifically use those passive ports?
 
Yes, I did.
The FTP is working fine.
It is just that when I upload thousands of files continuously, pf performance becomes so bad. The FTP client stops sending after several tens of files have been sent and tries to reconnect to the FTP server, but it also needs to try several times before it succeeds again.
If I turn pf off, there is no problem anymore.
So I still think it is a pf problem.
 
I discovered something.
It seems pf held the connections, so it was not releasing them continuously,
and I have limited the allowed connections to 100.
So, after 100 connections are used, the FTP client needs to wait for a connection to be released before it can connect successfully again.

Is there any way to set pf to just disconnect and release connections directly instead of keeping connections for a while?
 
You've only allocated 100 ports. How do you expect to run more than 100 simultaneous transfers?

Allocate more ports, or enable ftp-proxy.
 
No, pf does not suck. We have pf in front of 1G links and have never had a single packet drop or anything like that. Use ftp-proxy as suggested by the poster above.
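
Added example, not part of the thread: a small shell check that shows how many pf states sit on the passive-port range from the pf.conf above and how many of them are no longer active transfers. It assumes IPv4 input in the shape `pfctl -ss` prints; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# In pf.conf, "60000 >< 60100" excludes both boundaries, so the usable
# passive ports are 60001-60099 (99 ports, not 101).
PASV_LOW=60000    # exclusive lower bound, from ftp_pasv_ports
PASV_HIGH=60100   # exclusive upper bound, from ftp_pasv_ports

# Reads state-table lines on stdin and prints a one-line summary.
pasv_state_summary() {
    awk -v lo="$PASV_LOW" -v hi="$PASV_HIGH" '
    $2 == "tcp" && $4 == "<-" {
        # For inbound states, field 3 is the server endpoint (addr:port).
        n = split($3, ep, ":")
        port = ep[n] + 0
        if (port <= lo || port >= hi) next
        total++
        # Last field is SRC_STATE:DST_STATE. Anything other than fully
        # ESTABLISHED is a finished or closing transfer still holding state.
        if ($NF == "ESTABLISHED:ESTABLISHED") active++; else lingering++
        ports[port] = 1
    }
    END {
        used = 0
        for (p in ports) used++
        printf "total=%d active=%d lingering=%d ports_in_use=%d of %d\n",
               total, active, lingering, used, hi - lo - 1
    }'
}

# Constructed sample input (documentation addresses, not real traffic).
sample_states() {
    cat <<'EOF'
all tcp 192.0.2.10:2221 <- 198.51.100.7:40112       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:60001 <- 198.51.100.7:40113       FIN_WAIT_2:FIN_WAIT_2
all tcp 192.0.2.10:60002 <- 198.51.100.7:40114       FIN_WAIT_2:FIN_WAIT_2
all tcp 192.0.2.10:60003 <- 198.51.100.7:40115       TIME_WAIT:TIME_WAIT
all tcp 192.0.2.10:60004 <- 198.51.100.7:40116       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:60100 <- 198.51.100.7:40117       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | pasv_state_summary
```

On the firewall itself, the same summary comes from `pfctl -ss | pasv_state_summary`; a high `lingering` count next to a low `active` count matches the behaviour described in the thread.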
 