Limited bandwidth problem

When transferring files via http/ftp to NAT’ed machines, bandwidth is extremely reduced; however, when transferring files via http/ftp to the same machines on the local network via PPTP, there are no visible bandwidth limitations. Can anyone help fix or explain this behavior?

Thanks!

When transferring to the NAT’ed machines, do you have FTP servers running on them with port forwarding set up to reach them? Or did you mean that you’re opening an ftp client session from a NAT’ed PC and downloading to it?

Using NAT tells me you’re sharing one public IP on a broadband connection. What speed is your broadband connection? You’ll always get faster speeds on your local LAN than over the much slower internet connection.

Or do I miss the point?

Sorry for the ambiguity, let me clarify… this issue does not appear to be client (end-user) related as I have confirmed the issue from numerous outside networks…

I’ll continue to use our FTP server as an example, but the problem exists for all servers (and protocols) behind our router. Our router is assigned an IP address block and hands a number of addresses off to individual servers via firewall NAT entries such as:

chain=dstnat action=dst-nat to-addresses=192.168.100.5 dst-address=x.x.x.5

The following [applicable] filters are applied:

chain=forward action=accept connection-state=established 
chain=forward action=accept connection-state=related 
chain=forward action=drop connection-state=invalid 
chain=forward action=accept src-address=192.168.100.0/24 
chain=forward action=accept protocol=tcp dst-address=192.168.100.5 dst-port=80,443,20,21,5004-5005 
chain=forward action=accept protocol=icmp 
chain=forward action=drop

If I transfer a file via FTP to this machine (via its public address), the maximum throughput is <2mbps. However, if I PPTP to the router and FTP to the same server via its internal address (192.168.100.5), the maximum throughput is equal to my client internet connection (10 mbps).

The same is true for all servers/services NAT’d through the router… each connection appears to be limited to ~2mbps, despite plenty of bandwidth.

Any thoughts?

Hi,

Maybe there is a queue, which limits ingress bandwidth from public address/interface?

Regards, Grzegorz.

Seems logical, but I have no queues configured.

Maybe ISP limits bandwidth for some well-known services (http/s, ftp), but not for PPTP?

Regards, Grzegorz.

Yes. ISP limiting would be my guess as well.

Try doing a multi-threaded connection/upload. Most ISPs’ shaping will not limit by source IP, but rather per TCP/UDP connection.

I considered that, however, I can enable FTP on the router and FTP directly to it at 10mbps (my client ISP max).

So in summary,
I can FTP to the router at full speed
and, I can FTP through the router via PPTP at full speed
but, speed is reduced (~2mbps) when FTPing to a NAT’d server

The speed is only reduced per connection, I can open multiple ~2mbps connections simultaneously.

Also, I have tested with ALL filters disabled… no difference.

Also, against the ISP idea, this MikroTik replaced a Cisco ASA with which we did not have these issues.

Any other ideas from anyone? This bug is holding up our HD video launch due to the constricted bandwidth per connection.

I don’t see any bugs here, normally there is no bandwidth limit like you describe if there is only as little configuration as you described. There must be something else. To rule out configuration, you can do a complete system reset, and apply only the basics. Then test again. If that doesn’t solve it, this leaves the ISP.