FTP with default CSF not listing directory

stelios · August 25, 2020, 8:05am

Hi all,

On a new server with CSF installed and 21 port opened I can’t connect to the server. It tries but is not listing the directory files. Once I turn off the CSF it works fine.

Under messages this is the relevant (I guess ?) part (I swapped IPs etc):

Aug 25 10:48:25 client516 kernel: [1008123.791709] Firewall: TCP_IN Blocked IN=ens3 OUT= MAC=MACaddress SRC=MyLocalIP DST=MyServerIP LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=57777 DPT=46803 WINDOW=65535 RES=0x00 SYN URGP=0

Any help is very much appreciated.

DrCarsonBeckett · August 25, 2020, 9:29am

Reminds me of a bug which was fixed few versions back. Are you running the latest versions?

scotwnw · August 25, 2020, 1:30pm

If its timing out on login, port 21 is not open for incoming. If its logging in fine but timing out listing directory, port 20 is not open. I believe 20 needs to be open for outgoing only, but try in and out then narrow it down. If 20 can not be opened, will have to open passive port range to match passive port range used by your ftp client.

stelios · August 26, 2020, 11:16am

20 and 21 ports are opened. I’m running latest versions on everything installed.
This is very bizarre, why on earth it doesn’t work out of the box when you open those ports…

I had to setup passive ports range in proftpd.conf and then to open all those ports on csf to make it work.

DrCarsonBeckett · August 26, 2020, 11:29am

If you are using passive mode, then you need to set that up additionally. I think its not enabled by default.
Thats why it properly didnt work out of the box.

system · August 30, 2020, 11:29am

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.