SRH99: I'm a bit surprised that you see the same limit on WAN and LAN especially with multiple logins without using SSL. Have you tried uploading/downloading a file locally via the 127.0.0.1 interface? The loopback address should show you the max speed you can expect without actually using the network. I think in my testing I was getting 40-50mb/sec per connection (with SSL even I think) on my machine with ioftpd sending to ioftpd so long as I didn't up/down using the same disks so there isn't any magic 200mb/sec limit I'm aware of.
When testing your local LAN are you using a 192.168.x.y addr or are you using your external IP addr if behind a NAT router? The reason this is important is that using the external IP addr makes the router process the packets just like any other WAN connection and I believe most home routers can't handle 200mb+ traffic. They claim they're gbit but that's only for local traffic. They skimp on the CPU to save costs so when they have to process firewall rules, bandwidth limits, etc it causes everything to slow down. Try googling your particular router. In fact, I'm not aware of any router (except maybe the newest AC varieties) that get even 600mb/sec external traffic with most modems in the 200mb/sec effective range. When you mentioned the varying speeds with both up/down traffic that's a pretty sure sign of a limited resources somewhere (the router CPU being one possibility).
The way to use a LAN ioFTPD server is to set the address to 192.168.x.y in FlashFXP, etc and enable the Use Site IP for PASV connection option in the site settings. This tells your client to ignore the IP address given in the PASV command response (which would be your external IP so everyone else gets the correct answer) but you know you can get to it directly so you just use the locally routed IP. This should eliminate all firewall rules in your router which helps speed things up, just make sure you don't have speed limiting enabled for particular hosts on the local LAN in your router configuration. I doubt you'll get that feature unless you're using custom firmware like tomato, etc. NOTE: You'll have to add the 192.168.x.y host to your hostmask if not already there, and you won't be able to use PORT connections (non-passive mode) unless you relax your Deny_Port_* rules which I don't recommend since you should be using passive mode anyway. By default ioftpd is prohibited from talking to itself locally because of these rules. That is considered a safety feature and operating as intended.
|