CrushFTP also can work through all firewalls since it natively can
handle PASV mode and doesn't rely on the firewall/router to do the
translations for it.
This is pure bunk. PASV alone does not imply survival through most firewalls.
If the server's firewall/router is setup to allow PASV, you can be
guaranteed all clients will work. It puts the burden on the server
administrator instead of the FTP end users who have no clue, or may
not have control over the firewall they are behind.
The docs I read also suggest you have to open whole ranges of ports.
This is hardly a good option for a security conscious environment.
The better solution is an FTP proxy in your firewall, or,
alternatively and better still, running FTP on your DMZ.
If your firewall / router handles the NAT'ing properly, it won't
matter. CrushFTP works fine in that environment too. I have lots of
clients with firewalls and routers that mess up NAT'ing properly for
FTP reliably. Heck our Checkpoint$$$ firewall's at my corporate job
mess up FTP sessions reliably so there are special rules in place to
avoid the standard routes. A few days ago I had a client with a
Birch router that insisted on NAT'ing all incoming connections to the
external port 21!?! This was already in use obviously for the
control channel of FTP so all PASV connections failed because of the
messed up NAT handling. So my point is that if NAT is working right,
PASV works great. If NAT isn't working right, CrushFTP still can.
To be fair, I have a vested interest in your interest of CrushFTP,
or FTP in general. I am not an innocent bystander with no
affiliations.
Doesn't CrushFTP rely on the CrushFTP application running in a
console session? If so this makes it highly unsuitable for most
server needs and yields itself more towards workstation users needed
to share files. Servers normally expect no console requirements and
service deamons running in the background.
CrushFTP can run as a GUI app, or as a daemon. Even when running as
a daemon you can still use the full GUI to the daemon via two FTP
sessions into the server. CrushFTP can be installed, and the initial
remote admin account created from a terminal. So no, CrushFTP does
not require a console, or even a GUI.
Perhaps you'd also share some performance analysis of your ftpd?
One little disclaimer first. In general, other FTPD's are doing a
very very simple task of piping data from a file to the OS's TCP/IP
layer as fast as possible. They are doing virtually nothing else.
CrushFTP is doing lots and lots of things in comparison such as
bandwidth limiters, ratios, handling a virtual file system that can
be based on other FTP servers, or the local file system, etc. So
there should be some slowdown expected. However it is very minimal.
In fact you won't really see it on straight file transfers but only
in VERY high connection counts. ( > 1000 simultaneous clients) If
you are having that many clients, you'll be setting up load balanced
FTP servers to begin with.
I did some testing using clear FTP, and encrypted FTP (FTPS = SSL).
On a machine with 2GB, I set 1 GB for CrushFTP. I had 600
simultaneous connections all doing dir listings every 5 to 15
seconds. CPU usage was around 75%. When I scaled to 1000
simultaneous users I used up my 1GB of RAM and it started dropping
connections. When I went to 700 users, all was fine, but CPU was at
100% because of constant memory shuffling since there was so little
free RAM.
For SSL, I did a bit different of a test. I still used 600
connections, 1GB RAM, but this time I had it downloading a 113MB .zip
file with all the connections. Each connection averaged about
5K/sec. That is about 3MegaByte / second of SSL encrypted data with
600 simultaneous connections.
I have also done speed testing in the past, but I only have a 100MB
switch, so its a little meaningless. I saturated the switch and
sustained it for multi GB transfers.
CrushFTP 4 will also integrate with OS X better. It will be a
replacement for FTPD which OS X launches a new one on each incoming
connections. That will get replaced with a CrushFTPD mini daemon
that will simply redirect those connections to the real CrushFTP
server. Also with its SFTP support, you can have one server not tied
to OS user accounts that can provide SFTP, FTPS, HTTP, WebDAV.
I also plan on writing an LDAP plugin for CrushFTP 4 so you can
integrate it with say MS's Active Directory or whatever. 99% of my
clients are Mac's. However, there are a few PC clients that have
many many installations.
Thanks,
Ben
--
------------------------------------------------------------------------
CrushFTP 3
CrushFTP ---> http://www.crushftp.com/ by Ben Spink
No other server can compare to its features and price. ($25-$100)
(Full Remote Admining, IP Restrictions, Ratios, Bandwidth Limits, etc.)
------------------------------------------------------------------------
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
