[CentOS] vsftp problem C7

[Alessandro Baggi]

Hi list,
I've an update:

I've changed listen_port from 21 to 10021 restarted again vsftpd and 
problem is solved.

I can't understand whats happened.


Any ideas?


Il 15/02/2017 13:37, Alessandro Baggi ha scritto:
> Hi list,
> I've a problem with vsftpd on C7.3. This is a dedicated server protected
> by a Zywall5. SELINUX is disabled.
>
> This is my vsftpd configuration:
>
> anonymous_enable=NO
> local_enable=YES
> write_enable=YES
> local_umask=022
> dirmessage_enable=YES
> xferlog_enable=YES
> connect_from_port_20=YES
> xferlog_file=/var/log/vsftpd.log
> xferlog_std_format=YES
> idle_session_timeout=600
> data_connection_timeout=120
> ftpd_banner=Welcome
> listen=YES
> listen_port=21
> pasv_enable=YES
> pasv_min_port=50000
> pasv_max_port=50100
> pasv_address=public-ip
> port_enable=YES
> pasv_addr_resolve=NO
> listen_ipv6=NO
> pam_service_name=vsftpd
> userlist_enable=YES
> tcp_wrappers=YES
>
>
> Connecting from localhost to the local ip with ftp command, I've no
> problems.
> If I try to connect from remote host to the ftp server I got some problems.
>
> Connecting from my workstation I can log in with user and pwd but when
> listing I get:
>
> 230 Login successful.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 227 Entering Passive Mode (188,213,172,158,206,207)
> ftp: connect: Connection refused
> ftp>
>
> Seems to be a firewall (zywall5) problem. On server firewalld is
> disabled and there are not iptables rules.
>
>
> So I've open port 20,21,50000:50100 from my ip to server ip. The problem
> persists.
>
> I've tried to open all ports (Using Any TCP and Any UDP) but the problem
> persists.
>
>
> I've tried with another local server with the same vsftpd configuration
> and I've reproduced the problem by closing all ports with iptables. I
> get the same messages but after enabling specified ports with iptables
> on server the issue is solved.
>
>
> How I can solve this issue on remote server?
>
> THanks in advance.
>