What happens when you comment out Code: Include /etc/proftpd_ispconfig.conf and restart ProFTPd? Have you compared the proftpd.conf of the working and the not-working ProFTPd?
If I comment out the suggested line, everything works as expected! And login to FTP is very fast now; before I had to wait about 10 s. What does the included file do? Is it safe to keep it out? Thanks for the solution.
Thanks falko. I don't use anonymous FTP, so I commented out this line on the other servers too. Thanks for your help. SupuS
Okay, I didn't find mod_tls.c, but "# if not --> compile proftpd with tls": Quote: ./configure --with-modules=mod_tls; make; make install. When I do it, I can't find configure. I know the ./ syntax means "run this", but the file (configure) doesn't exist.
Hi! I have followed this thread since I had the same problems as the OP. When I commented out the "Include /etc/proftpd_ispconfig.conf" line, I took one step in the right direction, but stumbled upon another one instead. When I connect, everything works fine until I reach the "LIST" command, where it hangs for a while and finally disconnects with an error.

Code:
Status: Resolving IP-Address for ***.**************.com
Status: Connecting to ###.###.##.###:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Command: USER *************
Status: Verifying certificate...
Status: TLS/SSL connection established.
Response: 331 Password required for *************.
Command: PASS *******
Response: 230 User ****_******** logged in.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (###,###,##,###,199,172).
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

Note, I have edited out the domain, IP and user name for privacy's sake.
And here is the tls.log

Code:
Apr 03 17:00:01 mod_tls/2.1.1[24974]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:30:01 mod_tls/2.1.1[25371]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:33:37 mod_tls/2.1.1[25440]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:33:37 mod_tls/2.1.1[25440]: TLS/TLS-C requested, starting TLS handshake
Apr 03 17:33:38 mod_tls/2.1.1[25440]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Apr 03 17:33:44 mod_tls/2.1.1[25440]: Protection set to Private
Apr 03 17:34:27 mod_tls/2.1.1[25451]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:34:27 mod_tls/2.1.1[25451]: TLS/TLS-C requested, starting TLS handshake
Apr 03 17:34:27 mod_tls/2.1.1[25451]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Apr 03 17:34:27 mod_tls/2.1.1[25451]: Protection set to Private
Apr 03 17:35:15 mod_tls/2.1.1[25462]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:35:15 mod_tls/2.1.1[25462]: TLS/TLS-C requested, starting TLS handshake
Apr 03 17:35:15 mod_tls/2.1.1[25462]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Apr 03 17:35:15 mod_tls/2.1.1[25462]: Protection set to Private
Apr 03 17:35:49 mod_tls/2.1.1[25469]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:35:49 mod_tls/2.1.1[25469]: TLS/TLS-C requested, starting TLS handshake
Apr 03 17:35:49 mod_tls/2.1.1[25469]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Apr 03 17:35:49 mod_tls/2.1.1[25469]: Protection set to Private
Apr 03 17:46:26 mod_tls/2.1.1[25762]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 03 17:46:26 mod_tls/2.1.1[25762]: TLS/TLS-C requested, starting TLS handshake
Apr 03 17:46:26 mod_tls/2.1.1[25762]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Apr 03 17:46:26 mod_tls/2.1.1[25762]: Protection set to Private

Does anyone know what might cause this problem? Can this be because of firewalls, and if so, what ports other than 21 need to be open? I have tried to force active mode in CuteFTP and FileZilla, but it always uses passive anyhow. The server is firewalled using the built-in one in ISPConfig, and on my end I use a Netgear router.
I am using FileZilla, and yes, I have tried both, but I seem to be forced into PASV mode no matter what I choose. I have tried to open ports 20 and 21 on the server, and mapped ports 20 and 21 to my computer on my end. Still no go.
Hmmmm!!!! Just found something out. I was convinced the problem was on my end, but it seems it was on the server. I tried to disable the firewall in ISPConfig (turned it to "off" in services), and all of a sudden it works wonderfully. When I reactivate the firewall in ISPConfig, it hangs during the login again. I have both port 20 and 21 open in the ISPConfig firewall, so I can't see why it wouldn't work. I have even opened both TCP and UDP for ports 20 and 21, just in case, but no go. But I have confirmed the problem lies in the server firewall controlled by ISPConfig.

EDIT: Seems the ftp server doesn't support active mode for some reason. It tries to connect in active mode, but fails, and falls back to passive.

Code:
Command: PORT 192,168,0,210,213,16
Response: 500 Illegal PORT command.
Command: PASV
Response: 227 Entering Passive Mode (217,151,53,162,20,231)
Command: LIST
Response: 150 Here comes the directory listing.
Response: 226 Directory send OK.
Status: Directory listing successful

I am using VSFTPD for my ftp server.
EDIT: Disregard this post, read the one below instead. This is my current vsftpd.conf file...

Code:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to AllSoft Studios FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
#
secure_chroot_dir=/var/run/vsftpd
##
#
#this is important
ssl_enable=YES
#
#choose what you like, if you accept anon-connections
# you may want to enable this
#
allow_anon_ssl=NO
#
#choose what you like,
# it's a matter of performance i guess
#
force_local_data_ssl=NO
#
#choose what you like
force_local_logins_ssl=YES
#
#you should at least enable this if you enable ssl...
ssl_tlsv1=YES
#
#choose what you like
ssl_sslv2=YES
#
#choose what you like
ssl_sslv3=YES
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
#
#the *.pem file contains both the key and cert
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
Ok, just switched to Ubuntu instead of Debian, and decided to go with proftpd instead. Any good pointers to a guide that can help me set up iptables? Decided not to use the ISPConfig built-in firewall since I want more control over the firewall, but I can't find the iptables files that many howtos mention (iptables-config and the one containing the firewall rules); in fact, I can't find ANY iptables files at all even though I know it is installed. And I also need to find info on how to configure it to safely work with proftpd and SSL/TLS, preferably in active mode, but I can settle for passive if it's too hard.
http://www.howtoforge.com/linux_iptables_sarge http://www.howtoforge.com/custom_iptables_firewall For active mode, you need the ports 20 and 21.
Thanks for the help Falko. Will see if I can get it to work this time, otherwise I will be back and pick up where I left off with vsftpd. But hopefully I will get it to work this time around. Once again, many thanks, really appreciated.
Okay, after some reading and experimenting I am back to step one. I can log on just fine, but get stuck at the "LIST" command during login. My personal computer is located behind a NETGEAR FVS328 router, set on NAT. I have mapped ports 20-21 to my computer on the LAN. The server is connected to the internet directly, and uses iptables as firewall. I have opened ports 20-21 on the INPUT and OUTPUT chains. If I connect using passive mode, I log on fine, but get stuck on the LIST command. If I bypass my Netgear router, connecting my computer to the internet directly, I can connect using active mode since I am no longer behind a NAT firewall. But even there I get stuck on the LIST command. If I disable the iptables firewall on the server, I connect just fine. I will post all connection logs, my iptables and proftpd configurations below. Any insight or help to correct this problem would help me to stay sane, and of course be very much appreciated. When I connect I use FTPES for server type in FileZilla.

FileZilla active connection behind no firewall

Code:
Status: Connecting to 217.151.53.162:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Command: USER web1_allmight
Status: Verifying certificate...
Status: TLS/SSL connection established.
Response: 331 Password required for web1_allmight.
Command: PASS *******
Response: 230 User web1_allmight logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response:  MDTM
Response:  REST STREAM
Response:  SIZE
Response:  AUTH TLS
Response:  PBSZ
Response:  PROT
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PORT 217,151,53,164,212,67
Response: 200 PORT command successful
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

FileZilla passive through Netgear NAT firewall

Code:
Status: Connecting to 217.151.53.162:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Command: USER web1_allmight
Status: Verifying certificate...
Status: TLS/SSL connection established.
Response: 331 Password required for web1_allmight.
Command: PASS *******
Response: 230 User web1_allmight logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response:  MDTM
Response:  REST STREAM
Response:  SIZE
Response:  AUTH TLS
Response:  PBSZ
Response:  PROT
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (217,151,53,162,219,96).
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

FileZilla active connection through port-mapped Netgear NAT firewall

Code:
Status: Connecting to 217.151.53.162:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Command: USER web1_allmight
Status: Verifying certificate...
Status: TLS/SSL connection established.
Response: 331 Password required for web1_allmight.
Command: PASS *******
Response: 230 User web1_allmight logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response:  MDTM
Response:  REST STREAM
Response:  SIZE
Response:  AUTH TLS
Response:  PBSZ
Response:  PROT
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PORT 192,168,0,210,212,76
Response: 500 Illegal PORT command
Command: PASV
Response: 227 Entering Passive Mode (217,151,53,162,187,68).
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

PROFTPD.CONF

Code:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayFirstChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>

DefaultRoot ~
#Include /etc/proftpd_ispconfig.conf

My current iptables firewall setting.
Code:
Chain INPUT (policy DROP)
target       prot opt source                 destination
ACCEPT       0    --  anywhere               anywhere             state RELATED,ESTABLISHED
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:ftp-data
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:ftp
LOG_ACCEPT   tcp  --  anywhere               anywhere             tcp dpt:ssh
LOG_ACCEPT   tcp  --  anywhere               anywhere             tcp dpt:smtp
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:whois
ACCEPT       udp  --  anywhere               anywhere             udp dpt:domain
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:www
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:pop3
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:imap2
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:https
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:spamd
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:imaps
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:mysql
ACCEPT       0    --  localhost.localdomain  anywhere
icmp_packets icmp --  anywhere               anywhere
LOG_DROP     0    --  anywhere               anywhere

Chain FORWARD (policy DROP)
target       prot opt source                 destination

Chain OUTPUT (policy DROP)
target       prot opt source                 destination
ACCEPT       0    --  anywhere               anywhere             state RELATED,ESTABLISHED
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:ftp-data
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:ftp
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:ssh
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:telnet
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:smtp
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:whois
ACCEPT       udp  --  anywhere               anywhere             udp dpt:domain
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:www
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:pop3
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:imap2
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:https
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:spamd
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:imaps
ACCEPT       tcp  --  anywhere               anywhere             tcp dpt:mysql
ACCEPT       0    --  anywhere               localhost.localdomain
icmp_packets icmp --  anywhere               anywhere
LOG_DROP     0    --  anywhere               anywhere

Chain LOG_ACCEPT (2 references)
target       prot opt source                 destination
LOG          0    --  anywhere               anywhere             LOG level warning tcp-options ip-options prefix `[IPTABLES ACCEPT] : '
ACCEPT       0    --  anywhere               anywhere

Chain LOG_DROP (2 references)
target       prot opt source                 destination
LOG          0    --  anywhere               anywhere             LOG level warning tcp-options ip-options prefix `[IPTABLES DROP] : '
DROP         0    --  anywhere               anywhere

Chain icmp_packets (2 references)
target       prot opt source                 destination
ACCEPT       icmp --  anywhere               anywhere             icmp echo-reply
ACCEPT       icmp --  ws1.allsoftstudios.com anywhere             icmp echo-request
DROP         icmp --  anywhere               anywhere             icmp echo-request
ACCEPT       icmp --  anywhere               anywhere             icmp destination-unreachable
ACCEPT       icmp --  anywhere               anywhere             icmp time-exceeded

I have not used any of the IP_CONNTRACK_FTP and IP_NAT_FTP modules, since I have no clue how to use them yet, and since I doubt that is the problem, as I manage to connect just fine. It only fails when it tries to list the contents of the directory.

EDIT: Disabled TLSRequired in proftpd.conf and tried with ordinary ftp, and there I don't have this problem. It only happens with SSL/TLS.

I think and hope this covers all the information you need. Many thanks for taking the time with a Linux noob like me. Been a diehard Microsoft user until a couple of weeks ago when I decided to start using Linux servers for my hosting needs.
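The traces and the rule listing in the post above already contain the diagnosis, so here is a small script, added as an example and not code posted by anyone in the thread, that pulls it out. All three traces show the same shape: the control channel on port 21 authenticates, the server answers PORT or PASV, and the data connection for LIST never arrives. With INPUT and OUTPUT policy DROP, a data connection only gets through if some rule matches it. For plain FTP that is the RELATED,ESTABLISHED rule fed by the kernel's FTP conntrack helper (ip_conntrack_ftp), which reads the PORT/PASV exchange off the control channel; with TLSRequired on the helper sees only ciphertext, which is why the failure appears only with SSL/TLS. The posted rules then cover neither direction: in passive mode the client connects to a server port from the kernel's ephemeral range (decoded from the 227 reply as h1.h2.h3.h4 and p1*256+p2), and no INPUT rule accepts it; in active mode the server connects out from source port 20, but the OUTPUT rule matches dpt:ftp-data, i.e. destination port 20, so the outgoing SYN is dropped. The "500 Illegal PORT command" seen from behind the Netgear is a separate thing: ProFTPD refuses a PORT whose address (192.168.0.210) differs from the source address of the control connection. AllowForeignAddress on would silence it, but it reopens the FTP bounce problem, so passive mode with a fixed port range is the right fix rather than that directive. The range 49152-65534 below is assumed from the commented-out PassivePorts line in the posted proftpd.conf, and the -m state syntax is the one the listing already uses; the script prints the iptables commands rather than running them.

```shell
#!/bin/sh
# Added example for this thread, not code posted by anyone in it.
#   pasv_port            decode the host/port named by a "227 ... (h1,h2,h3,h4,p1,p2)"
#                        reply or a client "PORT h1,h2,h3,h4,p1,p2" command
#   port_in_range        is that port inside the range the firewall allows?
#   ftps_iptables_rules  print (not apply) rules that let TLS-protected data
#                        connections through when conntrack cannot read PORT/PASV
# The 49152-65534 range is an assumption taken from the commented-out
# PassivePorts line in the proftpd.conf above; any range works as long as the
# PassivePorts directive and the firewall rule agree.

pasv_port() {
    # A leading space guarantees a non-digit precedes the tuple, so the greedy
    # ".*" cannot swallow the first digits of h1.
    tuple=$(printf ' %s' "$1" | sed -n \
        's/.*[^0-9,]\([0-9]\{1,3\},[0-9]\{1,3\},[0-9]\{1,3\},[0-9]\{1,3\},[0-9]\{1,3\},[0-9]\{1,3\}\).*/\1/p')
    [ -n "$tuple" ] || return 1
    oldifs=$IFS; IFS=,
    set -- $tuple
    IFS=$oldifs
    [ $# -eq 6 ] || return 1
    # FTP encodes the 16-bit port as two decimal bytes: p1*256 + p2
    printf '%s.%s.%s.%s %d\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# port_in_range PORT LOW HIGH: success if LOW <= PORT <= HIGH
port_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# ftps_iptables_rules LOW HIGH: rules for a host whose INPUT and OUTPUT
# policies are DROP and that already accepts RELATED,ESTABLISHED both ways,
# as in the listing above.
#   passive: the client opens a NEW connection to a server port in LOW:HIGH,
#            so INPUT must accept it (reply packets are ESTABLISHED)
#   active:  the server opens a NEW connection FROM source port 20 to the
#            client, so OUTPUT must match --sport 20; the posted rule matches
#            --dport 20, which nothing ever sends to a server
ftps_iptables_rules() {
    low=$1; high=$2
    cat <<EOF
# proftpd.conf must carry the same range:  PassivePorts $low $high
iptables -A INPUT  -p tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A INPUT  -p tcp --dport $low:$high -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state NEW -j ACCEPT
EOF
}

# Demo on the two 227 replies captured in the post above. Without
# PassivePorts the server wanders through the kernel's ephemeral range, so
# one port lands inside 49152-65534 and the other outside: no fixed firewall
# rule can cover an unpinned range.
for reply in '227 Entering Passive Mode (217,151,53,162,219,96).' \
             '227 Entering Passive Mode (217,151,53,162,187,68).'; do
    decoded=$(pasv_port "$reply") || continue
    port=${decoded##* }
    if port_in_range "$port" 49152 65534; then verdict=inside; else verdict=outside; fi
    printf 'server data port %s is %s PassivePorts 49152-65534\n' "$port" "$verdict"
done
ftps_iptables_rules 49152 65534
```

Order matters in the posted ruleset: the new ACCEPT rules have to sit before the final LOG_DROP in each chain, so insert them with -I or rebuild the chain. Once PassivePorts is set and proftpd reloaded, the `tcp dpt:ftp-data` rules can go; on a server nothing connects to destination port 20.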
This is the output from netstat -tap

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address         State        PID/Program name
tcp        0      0 *:mysql                  *:*                     LISTEN       4277/mysqld
tcp        0      0 *:webmin                 *:*                     LISTEN       4915/perl
tcp        0      0 *:www                    *:*                     LISTEN       4708/apache2
tcp        0      0 *:81                     *:*                     LISTEN       4674/ispconfig_http
tcp        0      0 *:ftp                    *:*                     LISTEN       9551/proftpd: (acce
tcp        0      0 ws1.allsoftstudi:domain  *:*                     LISTEN       4849/named
tcp        0      0 192.168.0.205:domain     *:*                     LISTEN       4849/named
tcp        0      0 localhost.locald:domain  *:*                     LISTEN       4849/named
tcp        0      0 *:smtp                   *:*                     LISTEN       7071/master
tcp        0      0 localhost.localdoma:953  *:*                     LISTEN       4849/named
tcp        0      0 *:https                  *:*                     LISTEN       4708/apache2
tcp6       0      0 *:imaps                  *:*                     LISTEN       4385/couriertcpd
tcp6       0      0 *:pop3s                  *:*                     LISTEN       4425/couriertcpd
tcp6       0      0 *:pop3                   *:*                     LISTEN       4403/couriertcpd
tcp6       0      0 *:imap2                  *:*                     LISTEN       4365/couriertcpd
tcp6       0      0 *:ssh                    *:*                     LISTEN       4183/sshd
tcp6       0      0 *:smtp                   *:*                     LISTEN       7071/master
tcp6       0      0 ip6-localhost:953        *:*                     LISTEN       4849/named
tcp6       0   1480 ::ffff:192.168.0.20:ssh  ::ffff:192.168.0.:50712 ESTABLISHED  22223/sshd: adminis