Slow connecting to wu-ftp

Status
Not open for further replies.

ManagerJay

IS-IT--Management
Jul 24, 2000
302
US
I am having a problem with connecting to wu-ftp. Occasionally, the connection will time out before it is completed, but usually, there is about a 30 second pause before being prompted for a username.

wu-ftp is running on a RedHat Linux 7.2 box. The system has two ethernet cards, one of which is connected to the Internet (1.1.1.1), and the other is connected to the Intranet (2.2.2.2). When connecting to the Intranet side from the 2.2.2.2 network, connection times are normal.

I'm guessing this is some type of name resolution problem. I have registered a name with dyndns.org for testing purposes, and it is registered with the correct IP address.

At first, I thought this problem might be related to the iptables firewall I have set up, but the results are the same if the default policies are set to ACCEPT and the chains are flushed.

I am connecting to the server through my home system which is using NAT on an RH 6.2 box. The ip_masq_ftp module is loaded on the RH 6.2 box and I am able to connect to other ftp servers without any problems. Do I need to do something on the RH 7.2 box to allow for this type of connection?

Any suggestions would be greatly appreciated.

Thanks in advance for your assistance.



Jay
 
This is quite a common one. Do a Google search on:

ftp delay reverse dns

It's probably the ftp server trying to resolve the client machine name from its IP address - it probably works for the intranet machines because of local hosts files or name server.

It waits for the reverse lookup to return - after it times out it establishes the connection anyway. Need to find a way to turn the reverse lookup off on the ftp server (or tcp wrapper) or use a client whose DNS record is set up correctly.
 
Sounds like the server is trying to do ident on the connection. There are varying ways of disabling this depending on how you have installed wu-ftp. The man pages should provide some info on this tho. Good luck.
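One way to check both explanations offered above from the FTP server's side, as an added example that is not part of the original thread: it times the reverse lookup of a client address and classifies one TCP connection back to that client. The function names, the loopback address and port 8113 in the demo are assumptions; pass the client address and callback port that apply to your setup.

```python
import socket
import time

def time_reverse_lookup(ip):
    """Return (hostname or None, seconds) for a reverse (PTR) lookup of ip."""
    start = time.monotonic()
    try:
        name = socket.gethostbyaddr(ip)[0]
    except OSError:  # herror/gaierror: no PTR record or resolver failure
        name = None
    return name, time.monotonic() - start

def probe_callback(host, port, timeout=5.0):
    """Return (state, seconds) for one TCP connect attempt to host:port."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"          # something answered on the port
    except ConnectionRefusedError:
        state = "refused"           # reset received: the caller fails fast
    except socket.timeout:
        state = "filtered"          # silently dropped: the caller waits it out
    except OSError:
        state = "unreachable"       # no route, network down, etc.
    return state, time.monotonic() - start

ADVICE = {
    "open": "callback answered; this port is not the source of the pause",
    "refused": "callback rejected at once; this port is not the source of the pause",
    "filtered": "callback dropped without a reply; the server waits for its own "
                "timeout on every login (allow the port or reject it with a reset)",
    "unreachable": "no path back to the client; check routing first",
}

def report(client_ip, port, timeout=5.0):
    """Build a short text report covering both suspected causes of the delay."""
    name, dns_secs = time_reverse_lookup(client_ip)
    state, cb_secs = probe_callback(client_ip, port, timeout)
    return "\n".join([
        f"reverse lookup of {client_ip}: {name or 'no name'} in {dns_secs:.2f}s",
        f"callback to port {port}: {state} in {cb_secs:.2f}s",
        f"reading: {ADVICE[state]}",
    ])

if __name__ == "__main__":
    # Constructed demo values: loopback stands in for the FTP client.
    print(report("127.0.0.1", 8113, timeout=2.0))
```

A reverse lookup or a "filtered" result that takes close to the pause seen at login points at the matching cause.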
 
The issue was two-fold. First, on the server I was connecting to, I had misconfigured the DNS settings.

Second, working from behind a firewall, port 117 was not being allowed through for the authentication. After allowing port 117 through, everything popped right up.

Thanks for your help.


Jay
 
I am having a similar issue trying to get FTP through my IPTables setup. The connection works, but very slow to respond. As soon as I remove the firewall, problem goes away.
 
The problem was as MrTom suggested (ident lookups). Once I allowed port 117 through the firewall, the ftp service started responding as it should. Please let me know if you need additional help with this. Feel free to e-mail me directly.

Jay
 
Thanks ManagerJay. So, to understand correctly, I will need ports 20, 21, 117 open to allow active ftp connections? I am doing this all with iptables which I am only just learning. The connection does work when I open the above mentioned ports in the INPUT chain, however the connection via ftp is slow to authenticate and slow to issue commands. When firewall is dropped, all is well again, but I need security on this server soon :eek:)
 