The ZeroShell box limits FTP to 5 Mbps. I have discovered, however, that rate limiting may not in fact take place on any FTP session (host, client pair) which has been active in the period from system startup until when the QoS rules are loaded. In that case, the FTP client can get the (nearly full) 100 Mbps throughput to this single FTP server. During the same run, if FTP to another host is initiated, that session will be rate limited to 5 Mbps. But again, FTP between the first host, client will be at the 100 Mbps speed, and only another reboot of ZeroShell will quell the problem unless it gets caught again at the right time. So this appears to be a risk only during system startup, and at other times if creating/adding new QoS classes.
I think what's happening here has to do with Linux's conntrack module and there being an entry for this host, client in ip_conntrack before QoS is made. There does appear to be enough time between when the bridge interface is brought up and QoS applied for an FTP to start (assuming the FTP is running in a continuous loop). I am able to reproduce this problem 4 out of 10 reboots of ZeroShell.
Also, I want to share that VirtualBox, if you use the Intel ethernet driver, is dropping lots of packets thru ZeroShell. The solution is to change to the pc-net adaptor. Pcnet is the default, however, so anyone trying a VM of ZeroShell probably will never run into this problem.
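One way to test the conntrack theory in the post above, as an added example that is not from the poster or from ZeroShell: after the QoS rules load, look in the ip_conntrack table for host pairs that have an FTP control connection and list any of their flows that carry no connection mark. It assumes the QoS classifier records the class as a conntrack mark and that `mark=0` means unclassified; the sample lines are constructed in the `/proc/net/ip_conntrack` format.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "proto state src dst sport dport mark")

# Constructed sample (not captured from a real box): two FTP host pairs and one SSH flow.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=40112 dport=21 packets=18 bytes=1100 src=10.0.0.9 dst=10.0.0.5 sport=21 dport=40112 packets=16 bytes=1300 [ASSURED] mark=0 use=2
tcp      6 431995 ESTABLISHED src=10.0.0.9 dst=10.0.0.5 sport=20 dport=40113 packets=9000 bytes=13000000 src=10.0.0.5 dst=10.0.0.9 sport=40113 dport=20 packets=4500 bytes=234000 [ASSURED] mark=0 use=1
tcp      6 431980 ESTABLISHED src=10.0.0.5 dst=10.0.0.7 sport=40200 dport=21 packets=20 bytes=1200 src=10.0.0.7 dst=10.0.0.5 sport=21 dport=40200 packets=17 bytes=1400 [ASSURED] mark=12 use=2
tcp      6 431985 ESTABLISHED src=10.0.0.5 dst=10.0.0.7 sport=40201 dport=50211 packets=300 bytes=15600 src=10.0.0.7 dst=10.0.0.5 sport=50211 dport=40201 packets=600 bytes=870000 [ASSURED] mark=12 use=1
tcp      6 431000 ESTABLISHED src=10.0.0.6 dst=10.0.0.9 sport=51000 dport=22 packets=40 bytes=5200 src=10.0.0.9 dst=10.0.0.6 sport=22 dport=51000 packets=38 bytes=6100 [ASSURED] mark=0 use=1
"""

def parse_line(line):
    """Parse one ip_conntrack line; return a Flow or None if it is not a flow entry."""
    fields = line.split()
    kv = {}
    for tok in fields:
        if "=" in tok:
            key, value = tok.split("=", 1)
            kv.setdefault(key, value)  # first occurrence = original direction
    if len(fields) < 4 or not {"src", "dst", "sport", "dport"} <= kv.keys():
        return None
    state = fields[3] if fields[0] == "tcp" else ""
    return Flow(fields[0], state, kv["src"], kv["dst"],
                int(kv["sport"]), int(kv["dport"]), int(kv.get("mark", 0)))

def unclassified_ftp_flows(table_text, ftp_port=21):
    """Return unmarked TCP flows between host pairs that have an FTP control connection."""
    flows = [f for f in map(parse_line, table_text.splitlines()) if f]
    # Data connections use other ports, so match on the host pair, not the port.
    ftp_pairs = {frozenset((f.src, f.dst)) for f in flows
                 if f.proto == "tcp" and f.dport == ftp_port}
    return [f for f in flows if f.proto == "tcp" and f.mark == 0
            and frozenset((f.src, f.dst)) in ftp_pairs]

if __name__ == "__main__":
    for f in unclassified_ftp_flows(SAMPLE):
        print(f"unmarked: {f.src}:{f.sport} -> {f.dst}:{f.dport} ({f.state})")
```

On a live box the same function can be given the contents of `/proc/net/ip_conntrack` instead of `SAMPLE`.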