cvk

Proftpd Login Stalling Solution


Some TCH customers may have noticed that when they connect their FTP clients to their TCH servers there is a 10-second delay before the FTP server gives the login prompt. (It's most noticeable when using FTP clients that display the text of the login sequence. Others such as Dreamweaver just say something like, "Server not responding...please wait.")

 

If it happens to you it’s because you’re sitting behind a NAT device on your home or office network and because your TCH server is running an FTP server called ProFTPD. (A router that shares your internet connection among multiple computers in your home is a NAT [network address translation] device, so if more than one computer in your home or office can access the internet at once through your DSL or cable modem, chances are this means you.)

 

It’s just a 10-second delay, but it’s really annoying! Fortunately there’s a good reason it does this and it’s not hard to fix.

 

TCH uses ProFTPD on some of their servers and by default when ProFTPD gets a connection request it tries to connect to an ident server running on port 113 of the computer that initiated the connection to it. However, Windows machines don’t run ident servers (usually) so when they receive connection requests on port 113 they reject them immediately. That’s okay, though — even good!: ProFTPD receives the rejection and just continues the login sequence immediately as if nothing had happened.

 

The stalling problem only occurs when the connecting computer is behind a NAT or other firewall device. In that case the NAT device receives the connection attempt on port 113 instead of your computer, and instead of rejecting it like most computers would it doesn’t acknowledge or deny the connection in any way at all (a behavior that many firewalls have that’s called “blackholing”). Now ProFTPD has to wait for 10 seconds (the default time-out length) to see if the connection happens, but it never will. The only thing that happens is the annoying delay.

 

That annoying delay isn’t a big problem if you only connect once a day and stay connected until you’re done updating your site, but my office uses a product called Macromedia Contribute (version 2.0.1) to collaboratively maintain our site. Contribute connects to the FTP server to check out a document /every/ time you start editing it and then again when you’re finished, causing a total delay of 20 seconds for each page edit in addition to file transfer time. When one of my coworkers goes around making minor changes to 8 or 10 pages in a row it really starts to slow him/her down.

 

Luckily there are two good solutions to this problem. The best solution is for TCH to add the following line to the /etc/proftpd.conf file on each server that runs ProFTPD:

 

IdentLookups off

 

That’s it! That’s all they have to do. The next time ProFTPD is started by xinetd the problem will be gone. Unfortunately TCH may not be willing to make that change. They have a bunch of servers and it would take a little while to make the same modification to each of them (I’m guessing about one minute per server). TCH is a great company and they’re very concerned about their customers so they might just go to that trouble, but I’m sure they’re also very busy with more pressing matters so it might not happen.

 

The second solution is one that you can apply at your own home or office. Use your router’s web administration interface to forward UDP and TCP ports 113 directly to your desktop’s IP address or to the IP address of another computer on your network that will be on while you’re trying to use FTP. That way the connection request from TCH’s FTP server will be forwarded to your computer which will promptly deny it and the login will proceed without delay. (It will help if you’re using static IP addresses on your home/office network since you’ll need to know the IP address of your computer in order to forward connections to it.) For help doing this check your router’s manual or Google for its model number.

 

Not sure which device is your router? If you have DSL it’s probably the DSL modem. Otherwise it’s the thing made by Netgear, Linksys, or D-Link. It may also be a hub/switch, so there may be a bunch of ethernet ports in the back or even an antenna or two if it’s also your wireless access point.
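The difference between a rejected and a blackholed connection on port 113, as an added example that is not part of the original post: a small Python probe that classifies how a host answers a TCP connect and times the attempt. The function names (`classify`, `probe`, `login_stalls`) are hypothetical; to check a real network it is assumed you run it from a machine outside your NAT against your own public address.

```python
"""Added example: classify how a host answers a TCP connect on the ident port."""
import socket
import time

IDENT_PORT = 113        # port ProFTPD's ident lookup connects to
IDENT_TIMEOUT = 10.0    # the 10-second default wait described in the post


def classify(exc):
    """Map a connect() result (None or the exception raised) to a state."""
    if exc is None:
        return "open"          # something accepted the connection
    if isinstance(exc, ConnectionRefusedError):
        return "refused"       # rejection came back: lookup fails at once
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "blackholed"    # no answer at all: caller waits out the timeout
    return "error"             # unreachable network, DNS failure, ...


def probe(host, port=IDENT_PORT, timeout=IDENT_TIMEOUT):
    """Return (state, seconds) for one TCP connect attempt to host:port."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as err:
        exc = err
    return classify(exc), time.monotonic() - start


def login_stalls(state):
    """Only a silently dropped connection makes the FTP login wait."""
    return state == "blackholed"


if __name__ == "__main__":
    # Constructed demo on loopback: a listening socket, then the same port closed.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening:", probe("127.0.0.1", port, 2.0))
    srv.close()
    print("closed:   ", probe("127.0.0.1", port, 2.0))
```

A `refused` result that returns in milliseconds is what a correctly forwarded port 113 looks like from the server's side; `blackholed` after the full timeout is the stall.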


Very nice! Some good info there. I get asked at least 3-4 times a week, "Why does my FTP stall for a few seconds?" Now instead of trying to explain it I can link them to your post :D


I don't have the 10 second delay problem on my wireless network at home...but I know why :D

 

I use IRC and needed port 113 open for identd usage so I could be identified on the server. I configured my router a long time ago to keep 113 open for the IP of my desktop.

 

Interesting that the server software for FTP would check for identd even if no one is actually using it for identification purposes. I suppose it's a security feature that's not being used but is left on by default since it doesn't actually stop connection.


Thanks cvk for the post. All of TCH's servers are running Pure-FTP, but if there is a server that is using ProFTPd, then please notify us and we will most likely switch it over to Pure-FTP. As far as I know and have seen in the past, Pure-FTP does not have the delay that you are talking about. I have seen it log in straight away. I'll be doing a check later to make sure that the servers are running Pure-FTP. Again, thanks for informing us of this.


220 ProFTPD 1.2.9 Server (ProFTPD) [server55.totalchoicehosting.com]

 

Server 54, 51, 50, 49, 46, 45, 44, 24, 8, and 1 are also running ProFTPD.


Big Gorilla,

 

Thanks for letting us know. Alan will take a look at all the systems, there may be a few that have special circumstances, however, any that don't, we'll move over to PureFTPd or at least resolve the identd check issue. :)

 

Again, thanks for letting us know.
