ProFTPD timeout problem

I was recently configuring an FTP server on a Fedora box, and I had been stuck with this problem with ProFTPD for a long time.

Status: Connecting to ***.***.***.***:21…
Status: Connection established, waiting for welcome message…
Response: 220 ProFTPD 1.3.2rc1
Command: USER ***
Response: 331 Password required for ***
Command: PASS *****************
Response: 230 User *** logged in
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PORT ***,***,***,***,14,136
Response: 200 PORT command successful
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

I spent very long hours with this problem, and kept searching around. Almost everywhere it was suggested that the firewall settings could be the problem. It took me very long to realize that most of the people complaining about this were just home users trying to set up a home network and use FTP in it. The box I was working with was a production-grade server. So, I kept searching away and I finally tweaked the search string to “proftpd passive mode problem” and finally found out that I had NOT set up ProFTPD with the ip_conntrack_ftp module.

This module is necessary because the server is behind a NAT router and users connecting to it can only use passive FTP. By design, passive FTP servers do not know in advance what port the client will connect to. This module does the job of notifying the server about the port the present client is using to connect to the server.
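
In FTP the data port is negotiated in the text of the control connection, which is what a connection-tracking helper has to read. The Python example below is added here and is not from the original post or from the kernel module; it parses PORT commands and 227 replies, and its function names and the addresses in SAMPLE are constructed for illustration.

```python
import re

# Six comma-separated bytes: h1,h2,h3,h4,p1,p2 (address, then port = p1*256 + p2).
_TUPLE = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def data_endpoint(line):
    """Return (mode, ip, port) announced by one control-channel line, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client asks the server to connect back to it
    elif line.startswith("227 "):
        mode = "passive"   # server reply to PASV: client connects to the server
    else:
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None        # malformed tuple: ignore it rather than guess
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_connections(control_lines):
    """Every data endpoint negotiated on the control channel, in order."""
    return [ep for ep in map(data_endpoint, control_lines) if ep]


def is_expected(expectations, ip, port):
    """True if a new connection to ip:port was announced on the control channel."""
    return any(e[1] == ip and e[2] == port for e in expectations)


# Constructed sample with the shape of the session above; documentation
# addresses (192.0.2.10, 198.51.100.5) stand in for the masked ones.
SAMPLE = [
    "USER demo",
    "TYPE I",
    "PORT 192,0,2,10,14,136",
    "200 PORT command successful",
    "PASV",
    "227 Entering Passive Mode (198,51,100,5,195,80).",
]

if __name__ == "__main__":
    seen = expected_data_connections(SAMPLE)
    for mode, ip, port in seen:
        print(f"{mode:8} data connection expected at {ip}:{port}")
    # Without anything reading the control channel, nothing is expected.
    print(is_expected(seen, "192.0.2.10", 3720), is_expected([], "192.0.2.10", 3720))
```

The trailing pair 14,136 in the session above decodes the same way, to port 3720.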

So next time you have this problem and know that your firewall is tip-top, do check whether the ip_conntrack_ftp module is used!

I hope this helps :)

