Linux – Vsftpd usually works but sometimes gives FAIL DOWNLOAD on Ubuntu


I have a Virtual Private Server running Ubuntu 14.04 LTS minimal system (64-bit). I have successfully installed and set up Vsftpd which serves images to my mobile app (the app uses the Apache Commons FTP client). Most of the time this works perfectly and the app is able to download every file it requests, but sometimes the files just fail to download for no apparent reason. The /var/log/vsftpd.log file records the following entry when this happens:

Fri Aug 14 14:31:39 2015 [pid 28594] [ftp] FAIL DOWNLOAD: Client "{Client IP}",
"{image file}", 0.00Kbyte/sec 

It is worth noting that 99% of the time the client has a successful login, and that seems like an acceptable rate. I'd gauge the successful download rate closer to 70% though, and this is unacceptable for my needs. The app supports multiple platforms and I've seen this happen on Mac, iOS, and Android, so I doubt its the client device causing the problem.

I have searched all over the Internet for weeks trying to get Vsftpd to work like it is supposed to, but once it fails to fetch a file it keeps failing for that particular client for several minutes, even though I have mechanisms in place in the app to disconnect/reconnect the FTP client when there is an error with file transfer. It just seems like the server doesn't want to serve that particular device at that particular time. Eventually the server will "get over it" and allow the client to download images again like it is supposed to do. Also, it only seems to affect clients on an individual basis. I.e. my app's client isn't working now but yours is.

It seemed firewall related, so I went to disable my firewall only to find that my server doesn't have any firewall rules enabled, so I'm at a loss for what could be causing the sporadic download failures since they usually work exactly as anticipated. Specifically, this is the output I get from the iptables -L command:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8333
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

My Vsftpd setup allows only anonymous clients to connect via a password that I set. They only have read access to their root directory, /ftp. I intend to eventually serve hundreds or thousands of clients at a time, so I have most of the data/connection limits set very high or set to unlimited. Here is my full /etc/vsftpd.conf file:

ftpd_banner=You shouldn't be accessing this outside of the app. Logout now or you will be blacklisted.

I read somewhere online that PAM causes problems so I disabled it, but I still had the same problem before disabling it. It did seem to help a little bit though. It's worth noting that I don't know what PAM is or how it helps/hurts the process.

Could the problem be that I'm using a Virtual Private Server instead of an actual physical server? I just don't understand how the server can be so moody with no firewall and a very relaxed Vsftpd configuration. Any help with this problem would be appreciated. I have a fair grasp on Linux and networking but this is definitely out of my comfort zone. Let me know if I forgot something. I'm glad to add anything or try anything you request if it will help me resolve this bizarre problem. Thanks in advance!


Vsftpd works properly around 70% of the time but sometimes it quits allowing downloads to certain clients without giving a reason why. Then it will start working again after several minutes. The whole time it serves other clients without issue. Please help!

Best Answer

Well this doesn't technically solve my issues with Vsftpd, but Michael Hampton gave me some advice to solve the underlying problem of slow, unreliable file transfers. He suggested I use HTTP to serve files, so I used the Apache2 HTTP server that was already installed on my server. Now the images fetch reliably and I haven't seen any connection or download problems. Also, my app now downloads images substantially faster with HTTP than it did with FTP.

Long story short, if anyone fooling with Vsftpd sees this, I recommend trying an HTTP server instead if you aren't completely tied to using FTP. It's much easier to setup and there aren't so many little caveats you have to deal with. Michael Hampton was completely right. Thanks for the help!