4. Help with network design and diagnosis of slow FTP

Help with network design and diagnosis of slow FTP

  • S

    I'm moderately knowledgeable about networks and have had some problems with my Comcast performance recently. I was using a D-Link DIR655 and this didn't allow me to have good visibility of what was happening on the WAN interface. So I decided to build a pfSense machine so I could see in more detail what was going on. My network setup is attached and I have two questions.

    1. Any comments on the numbering/design of the network?
    2. I am having some real problems with FTP performance. The desktop on the LAN is getting 500k speeds over FTP to the Server in the DMZ.

    Before I switch to this new design, I could download from the server at speeds around 5-6mb, but now I can't get anything above 500k. Anyone know where I start diagnosing this? FTP performance to public websites is fine, it just seems to be an issue going from LAN->DMZ. I've also tried transferring data from the HTTP server in the DMZ and I also get very poor network performance.

    Details of my configuration are on this website, http://www.daftdonkey.com/external/network/design/index.html

    D-Link DIR655

    WAN Static setup
    IP: 192.168.150.2
    Subnet: 255.255.255.0
    Gateway: 192.168.150.1
    Primary DNS: 68.87.76.178
    Secondary DNS: 68.87.76.130
    MTU: 1500

    LAN setup
    IP: 192.168.1.1
    Subnet: 255.255.255.0
    Enable DNS relay: Yes
    Enable DHCP Server: Yes
    DHCP Range: 192.168.1.100 - 199
    DHCP lease (mins): 1440

    Wireless setup
    SSID: Wireless
    802.11 mode: Mixed 802.11n, g, b
    Channel auto scan: Yes
    Channel width: Auto 20/40 MHz
    Security: WPA-Personal

    Other settings
    No virtual servers, port forwards or any rules defined.
    Traffic shaping disabled.
    SPI firewall disabled.
    Anti spoof checking disabled.
    UPNP enabled.

    pfSense
    WAN: DHCP
    Disabled userland FTP-Proxy application
    Block private networks
    Block bogon networks

    LAN: 192.168.150.1/24
    DMZ: 192.168.200.1/24

    0
  • K

    What's the hardware you're running pfSense on? Why do you have the DIR-655 doing NAT? And I wouldn't expect much from a USB NIC. If you must use one, use it for your slowest link (ie. the WAN side).

    0
  • S

    Actually i've solved this by changing the design of the network. Thanks!

    0
  • M

    Hi, I am a pfsense newbie!  Here at work we connect to the Medicare site by first dialing up and then through ftp.  Right now we have to disable our local area network everytime we are sending a file.  Can you tell me what I need to change where we won't have to disable our network every time?  Do I need to uncheck any of the settings under 'FTP helper'?

    Thanks
    Marty :-\

    0

  • A little more information is required.  At the very least why you have to disable the LAN.  What happens if you don't?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy