Why is ftpd connecting so slowly, about 30 seconds?

muxuefeng


I edited /etc/rc.conf to set ftpd_enable="YES". It's OK from localhost, but when I use FileZilla FTP from another computer, it takes about 30 seconds until the directory shows. Can anybody help me? Thank you very much.
 

SirDice


Firewall? Active or passive FTP?
 

olli@


That sounds like a DNS timeout. That is, ftpd(8) is trying to look up the DNS name for the incoming FTP connection, but for some reason it doesn't work and times out after 30 seconds. That's just a guess, but the symptom is really typical for such a situation. You can confirm it by looking for the DNS packets with tcpdump(1).

However, I'm not sure how to solve the problem. I don't think ftpd(8) has a switch for disabling DNS lookups. A workaround might be to reject that particular DNS request in your firewall or packet filter, so it returns an error right away, without having to wait for the timeout. This is all assuming that your DNS is set up correctly in general, of course. In case you're running your own name server, you might be able to handle the situation there.

Of course, it's entirely possible that the problem is caused by something else. :)
 

SirDice


> A workaround might be to reject that particular DNS request in your firewall or packet filter, so it returns an error right away, without having to wait for the timeout.
Or just add the client's address and hostname to /etc/hosts.
 

olli@


> I have added my client IP address to hosts, but it doesn't work. :)
You need to add the connecting machine’s IP address (not your own), because that’s the address that ftpd(8) is trying to resolve.
That only works if the IP address is always the same, of course. To find out the IP address, while the connection is established, use the command netstat -Sp tcp and look for lines containing an “ftp” port. The remote host's IP address (plus its port, which need not be ftp) can be found in the “Foreign Address” column.

By the way, the easiest way to test the lookup of an IP address on the command line is getent hosts <IP_address>, for example getent hosts 1.2.3.4. Technically it does the same thing as other programs like ftpd(8), so it’s useful for testing. Do not use specialized DNS tools for that purpose, like nslookup, dig or host, because they ignore /etc/hosts.
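
The check described in the post above, as an added example that is not part of the original thread: it pulls the remote addresses of FTP control connections out of `netstat -Sp tcp` output and times a `getent hosts` lookup for each. The function names are hypothetical and the netstat sample is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read `netstat -Sp tcp` output on stdin and print each unique remote
# address connected to the local "ftp" port. FreeBSD joins address and
# port with a dot (192.0.2.10.ftp), so the last dot-field is the port.
ftp_peers() {
    awk '$1 ~ /^tcp/ && $4 ~ /\.ftp$/ {
        addr = $5
        sub(/\.[^.]*$/, "", addr)      # drop the trailing ".port"
        if (!seen[addr]++) print addr
    }'
}

# Time one lookup through the same resolver path ftpd(8) uses
# (/etc/hosts first, then DNS). A result near 30s matches the symptom.
time_lookup() {
    start=$(date +%s)
    name=$(getent hosts "$1" | awk '{print $2; exit}')
    end=$(date +%s)
    echo "$1 ${name:-UNRESOLVED} $((end - start))s"
}

# Constructed sample of `netstat -Sp tcp` output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.ftp         198.51.100.23.51234    ESTABLISHED
tcp4       0      0 192.0.2.10.ssh         203.0.113.5.40022      ESTABLISHED
tcp4       0      0 192.0.2.10.ftp         198.51.100.23.51240    ESTABLISHED
EOF
}

# Offline demo on the sample; prints 198.51.100.23 once.
sample_netstat | ftp_peers

# On the server, while a client is connected:
#   netstat -Sp tcp | ftp_peers | while read -r ip; do time_lookup "$ip"; done
```

An address reported as UNRESOLVED after a long wait is the one to add to /etc/hosts; rerun the lookup afterwards to confirm it returns immediately.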
 