DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

FTP Timeouts With Firewall Enabled

04 Mar 2011 23:12 #1 by polaris
FTP Timeouts With Firewall Enabled was created by polaris
Hi all,

I'm running a Linux FTP server behind my Draytek Vigor 2820n and clients are getting timeouts when attempting to download large files. The router is configured with all the requisite port forwarding and NAT open ports for passive mode FTP to the point where everything works great except when downloading large files, whereupon the session will predictably time out on the client side.

A little research led me to this web page: http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html which seems to address the problems I am encountering under the section headed "Problems caused by the firewall prematurely timing out a valid FTP session":

Since the FTP protocol uses two connections, a control connection for communicating with the client, and another connection to transfer data, there is twice the probability of getting timed-out by an impatient firewall. The most common instance of this problem occurs comes into play during a long file transfer. When a transfer is initiated (on the control connection), the control connection is idle until the transfer (on the data connection) finishes. If the routing device does not special case for the FTP protocol and the data connection takes longer than the routing device's idle timeout, then the control connection will be timed out. This is a significant problem since the client program may wish to continue using the FTP session, such as downloading additional files.



This seems to fit the bill perfectly for the problem I am experiencing. Based on this it would seem that the router is timing out my FTP control connection whilst the (long) download takes place over the data connection. Consequently, once the particular large file has finished downloading over the data connection (or even before it has finished) the FTP control connection is no longer available to initiate the download of the next file (e.g. when downloading a whole directory which contains subdirectories and multiple files). I have tried two different FTP servers (ProFTPd and VSFTPD) with the same results on both; however when I disable the Draytek's firewall the transfers complete normally, so I'm convinced it is the firewall timing out the FTP control connection as described above.

I have no control over which FTP client software the users use (some of them will be using FTP via Internet Explorer, for example) and therefore setting up the clients to send NOOP keep-alives is not an option; instead I would rather just configure my own setup so that it 'just works' for the clients. Does anyone know how to configure the Draytek 2820 to "Special case" the FTP protocol so that it does not time out my control connection, as suggested by the above web page, or at least how to configure it to not time out my connections so eagerly? I cannot find any configuration option for this.

Any help would be greatly appreciated.
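A server-side way to keep the control connection from going idle during a long transfer, given here as an added example that is not part of the original post: turn on TCP keepalive probes on the control socket with an idle time shorter than the firewall's timeout. The function names, the 300-second firewall timeout and the keepalive values are assumptions (the post does not state the router's idle timeout), and the model assumes the firewall counts keepalive probes as traffic on the flow.

```python
import socket

def enable_control_keepalive(sock, idle=60, interval=20, probes=5):
    """Ask the kernel to probe an idle TCP connection (values are assumed, in seconds)."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket tuning is platform specific; these names exist on Linux.
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        if hasattr(socket, name):
            sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), value)

def control_packet_times(transfer_secs, keepalive_idle=None):
    """Packets seen on the control connection around one download:
    RETR at t=0, the '226 Transfer complete' reply at the end, and, if
    keepalive is on, one answered probe after every keepalive_idle
    seconds of silence in between."""
    times = [0, transfer_secs]
    if keepalive_idle:
        times += range(keepalive_idle, transfer_secs, keepalive_idle)
    return sorted(times)

def first_expiry(packet_times, fw_idle_timeout):
    """Time at which a stateful firewall forgets the flow, or None.
    Model: the state entry is dropped after fw_idle_timeout seconds
    without any packet on that connection."""
    for prev, nxt in zip(packet_times, packet_times[1:]):
        if nxt - prev >= fw_idle_timeout:
            return prev + fw_idle_timeout
    return None

def readback(idle=60):
    """Apply the options to a fresh socket and read them back. A server
    would call enable_control_keepalive() on each accepted control socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        enable_control_keepalive(s, idle=idle)
        out = {"SO_KEEPALIVE": s.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
        if hasattr(socket, "TCP_KEEPIDLE"):
            out["TCP_KEEPIDLE"] = s.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE)
        return out

if __name__ == "__main__":
    FW_TIMEOUT = 300   # assumed firewall idle timeout, seconds
    TRANSFER = 3600    # constructed case: a one-hour download
    print("no keepalive:", first_expiry(control_packet_times(TRANSFER), FW_TIMEOUT))
    print("keepalive 60s:", first_expiry(control_packet_times(TRANSFER, 60), FW_TIMEOUT))
    print("socket options:", readback())
```

A keepalive idle time at or above the firewall timeout changes nothing in this model, because the state entry is gone before the first probe is sent.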


Moderators: ChrisSami