I’ve had to move my VM install to a new box as the old one is failing, and we’re having trouble getting proftpd to accept passive connections. In fact some clients (FireFTP) won’t connect in active mode either, but that could just be the clients. Windows command line ftp and FileZilla will connect in active mode fine though.
After a successful login I get the following in the FileZilla console:
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (88,208,218,156,229,11).
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing
and the corresponding login from proftpd’s log looks like:
::ffff:94.171.227.76 UNKNOWN nobody [08/Jan/2010:13:10:27 +0000] "USER btg" 331 -
::ffff:94.171.227.76 UNKNOWN btg[08/Jan/2010:13:10:30 +0000] "PASS (hidden)" 230 -
::ffff:94.171.227.76 UNKNOWN btg [08/Jan/2010:13:10:30 +0000] "PWD" 257 -
::ffff:94.171.227.76 UNKNOWN btg [08/Jan/2010:13:10:30 +0000] "TYPE I" 200 -
::ffff:94.171.227.76 UNKNOWN btg [08/Jan/2010:13:10:30 +0000] "PASV" 227 -
I read Joe’s last post to this thread, in which he mentions either allowing all high ports or RELATED connections through the firewall, and I think that’s what I’ve got in my config:
[root@web1 ~]# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
...
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW
...
DROP all -- anywhere anywhere
We’re running CentOS 5.4 and ProFTPD 1.3.0a.
Does anyone have any idea what the issue could be?
Cheers, Chris
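
Added example, not part of Chris's post: it decodes the data port from the 227 reply above and runs a first-match model of the visible INPUT rules against the client's connection to that port. Assumptions: the first "ACCEPT all" rule is the loopback rule, the external interface is called eth0, and the rules elided as "..." are not modelled.

```python
import re

# Constructed from the post: FileZilla's PASV reply and the visible INPUT rules.
PASV_REPLY = "227 Entering Passive Mode (88,208,218,156,229,11)."

# (target, iface, proto, dport, states); None matches anything.
# Assumption: the first "ACCEPT all" rule is bound to lo, which
# `iptables --list` hides without -v. Rules elided as "..." are not modelled.
INPUT_RULES = [
    ("ACCEPT", "lo", None, None, None),
    ("ACCEPT", None, None, None, {"RELATED", "ESTABLISHED"}),
    ("ACCEPT", None, "tcp", 20, {"NEW"}),  # ftp-data
    ("ACCEPT", None, "tcp", 21, {"NEW"}),  # ftp
    ("DROP", None, None, None, None),
]

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; port = p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def verdict(iface, proto, dport, state, rules=INPUT_RULES):
    """First-match evaluation of one packet, as an iptables chain does."""
    for target, r_iface, r_proto, r_dport, r_states in rules:
        if r_iface is not None and r_iface != iface:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        if r_states is not None and state not in r_states:
            continue
        return target
    return "DROP"  # chain policy from the listing

def data_channel_verdict(reply, helper_loaded, iface="eth0"):
    # With an FTP conntrack helper watching the control channel the SYN to
    # the passive port is RELATED; without one it is an ordinary NEW packet.
    _, port = parse_pasv(reply)
    state = "RELATED" if helper_loaded else "NEW"
    return port, verdict(iface, proto="tcp", dport=port, state=state)

if __name__ == "__main__":
    for loaded in (False, True):
        print(loaded, data_channel_verdict(PASV_REPLY, loaded))
```

In this model the RELATED,ESTABLISHED rule only covers the passive data connection when an FTP connection-tracking helper is loaded (ip_conntrack_ftp on 2.6.18-era kernels, nf_conntrack_ftp on later ones); `lsmod | grep conntrack_ftp` shows whether one is present.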