issue with Vftpd server with ftp client (mode active)

[sanglier78]

Hi,
a strange behaviour is present in our system.
for load test reason, a ftp client on a windows platform is launched with a loop, unfortunatelly, FTP on windows 7 is on active mode.
The first port choosen is the 49000 ==>OK
but when we reach the port 61000 ==>NOK error 425 (so all port x>=61000)
On server part so the vftpd server on a Cent OS 7, with the debug mode, I see the the port command, accepted, but the list command refused with the error message 425.
I stop the firewalld process, and on Iptables, I configure a fully transparent protection (everything accepted input/output/forward).

I do the test with fillezilla, if active and port >=61000, same issue.

The issue seems to be linked with the server, and I see nothing on documentation.
So I have question, is there another process which prevents to used the port >=61000, is there a bug on vsftp ?

any idea is welcome
regards

[TrevorH]

When you set up firewalld, did you open the port using firewall-cmd --add-service=ftp or did you open just add ports? If you use --add-service=ftp then it will also load nf_conntrack_ftp which handles all the other ports that can be used too and is the preferred method.

[sanglier78]

initially, when firewalld was on, i set service ftp.
for the moment, issue remains the same, and firewalld is stopped (it is an internal network )

[sanglier78]

a small up.
Except vftpd, do you know another FTP server available on centOS7, and easy to understand ?
regards

[pjsr2]

https://www.server-world.info/en/note?os=CentOS_7&p=ftp notes that you need to set SELinux permissions.

Code: Select all

setsebool -P ftpd_full_access on 

You didn't mention you did that. Might explain your observed behavior that you clients can connect, but not list files.