vsftpd and iptables

I'm configuring a vsftpd server that's also running iptables. Without
the necessary udp ports open, data connections are blocked so ftp
clients fail. I configure vsftpd to use a specific range of udp ports
for the pasv transfers. I configure iptables to allow that range of
udp ports. Let me show a quick example of what I'm talking about.
# cat /etc/vsftpd/vsftpd.conf | grep pasv
pasv_min_port=2000
pasv_max_port=2100
# cat /etc/sysconfig/iptables | grep 2000
-A RH-Firewall-1-INPUT -p udp -m udp --dport 2000:2100 -j ACCEPT
When I test with an ftp client, the ftp client *does* use the correct
udp ports, and the ftp client *is* able to list files, send files, etc.
But there is a *really* long delay from the moment it initiates the udp
connection to the point at which the data transfer begins. Several
seconds, easy.
Am I going about this the wrong way? Why would there be this long
delay? With iptables disabled, the data connections are smoking fast.
So it would seem to have something to do with the iptables service.
The load is 0.00, so it's not like it's working too hard.
Thanks,
Scott
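As an added check that is not part of the post above: a small POSIX shell script that reads the pasv_min_port/pasv_max_port pair from a vsftpd.conf and looks for an ACCEPT rule in an iptables-save style ruleset whose --dport is exactly that range. The sample config and ruleset are constructed to mirror the post; passive-mode data connections are TCP, so the check reports a range that is opened only for udp separately from one that is missing altogether.

```shell
#!/bin/sh
# Constructed sample inputs modelled on the post (not the poster's real files).
SAMPLE_VSFTPD_CONF='listen=YES
pasv_enable=YES
pasv_min_port=2000
pasv_max_port=2100'

SAMPLE_IPTABLES='*filter
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 2000:2100 -j ACCEPT
COMMIT'

# pasv_range "<conf text>" -> prints "MIN MAX"; exit 1 if either key is absent
pasv_range() {
    printf '%s\n' "$1" | awk -F= '
        $1 == "pasv_min_port" { min = $2 }
        $1 == "pasv_max_port" { max = $2 }
        END { if (min == "" || max == "") exit 1; print min, max }'
}

# accept_protos "<rules text>" MIN MAX -> prints the -p protocol of every ACCEPT
# rule whose --dport is exactly MIN:MAX; exit 1 if no rule matches the range
accept_protos() {
    printf '%s\n' "$1" | awk -v want="$2:$3" '
        /-j ACCEPT/ {
            proto = ""; dport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport == want) { print proto; found = 1 }
        }
        END { if (!found) exit 1 }'
}

# check_pasv "<conf>" "<rules>" -> "ok" when a tcp ACCEPT rule covers the pasv
# range, "udp-only" when only a udp rule covers it, "missing" when none does
check_pasv() {
    range=$(pasv_range "$1") || { echo no-range; return 2; }
    min=${range% *}; max=${range#* }
    protos=$(accept_protos "$2" "$min" "$max") || { echo missing; return 1; }
    case "$protos" in
        *tcp*) echo ok ;;
        *)     echo udp-only; return 1 ;;
    esac
}

check_pasv "$SAMPLE_VSFTPD_CONF" "$SAMPLE_IPTABLES"
```

Run it against real files with `check_pasv "$(cat /etc/vsftpd/vsftpd.conf)" "$(iptables-save)"`; on the sample data it prints `udp-only`.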