A Really Baffling FTP Problem

Friday, 27 May 2005, 10:30 | Category : Unix
I’m having a strange problem with FTP. I have a Solaris 9 box in a DMZ. FTP from my Solaris 9 boxes inside the firewall to the Solaris 9 box in the DMZ is going extremely slow – 60-100 Kbps. FTP from Windows boxes or Linux boxes inside the firewall to the Solaris 9 box in the DMZ is much, much faster – 4000 Kbps. FTP from Windows or Lunix boxes to a Windows server in the DMZ is also much faster, in the neighborhood of 4000 Kbps. It’s only the Solaris-to-Solaris transfer that’s slow. The network folks did some reconfiguring of the network last week, and maybe there’s some config parameter that Solaris needs to know about, but what? Can anybody give me a rational explanation for this?

Here’s an example – I have one roughly 3 GB file that I need to move between the two Solaris boxes. It takes about an hour to make the transfer. However, if I ftp it from the Solaris box behind the firewall to my PC (also behind the firewall), then from my PC to the Solaris box in the DMZ, the total for both transfers is about 10 minutes. Or I can transfer that file from one Solaris box to another one not in the DMZ in the same 10 minutes. It’s just between one Solaris box behind the firewall to the Solaris box inside the DMZ that’s exceedingly slow.

  1. 1Dave

    Still no bites? I wish I could offer some advice, but I’ve never dealt with Solaris. Here are a few questions that might at least suggest a possible workaround…

    Does the problem only happen when the target computer is in the DMZ, or do all Solaris boxes behind the firewall have this problem communicating? If so, can you take the computer out of the DMZ and use port-forwarding from the router instead?

    When establishing the connection, are you specifying the virtual address of the DMZ computer on the firewalled network, or the Internet IP address of the router (forcing it to forward the packets to the Solaris machine)? Have you tried doing it the other way?

    Have you tried using a different port number?

    Have you tried a different protocol, like SFTP or even an instant messenger program?

    Can you port-forward through a Windows machine that is also behind the firewall?