Hi list, I’ve a problem with vsftpd on C7.3. This is a dedicated server protected by a Zywall5. SELINUX is disabled.

This is my vsftpd configuration:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask2
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log xferlog_std_format=YES
idle_session_timeout`0
data_connection_timeout0
ftpd_banner=Welcome listen=YES
listen_port!
pasv_enable=YES
pasv_min_portP000
pasv_max_portP100
pasv_address=public-ip port_enable=YES
pasv_addr_resolve=NO
listen_ipv6=NO
pam_service_name=vsftpd userlist_enable=YES
tcp_wrappers=YES

Connecting from localhost to the local ip with ftp command, I’ve no problems. If I try to connect from remote host to the ftp server I got some problems.

Connecting from my workstation I can log in with user and pwd but when listing I get:

230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls
227 Entering Passive Mode (188,213,172,158,206,207)
ftp: connect: Connection refused ftp>

Seems to be a firewall (zywall5) problem. On server firewalld is disabled and there are not iptables rules.

So I’ve open port 20,21,50000:50100 from my ip to server ip. The problem persists.

I’ve tried to open all ports (Using Any TCP and Any UDP) but the problem persists.

I’ve tried with another local server with the same vsftpd configuration and I’ve reproduced the problem by closing all ports with iptables. I
get the same messages but after enabling specified ports with iptables on server the issue is solved.

How I can solve this issue on remote server?

THanks in advance.