# proftpd: list & passive mode problem

## kos

Hi

I've been using proftpd for many years and I think my config stayed intact for a year or so now. However, I've discovered that anonymous access doesn't work anymore after one of my recent upgrades. It looks like there are some problems with passive mode for anonymous users.

Here's a sample ftp session log; notice that the 4th 'ls' attempt succeeds:

```
kos@kos ~ $ /usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
Name (localhost:kos): anonymous
500 AUTH not understood
SSL not available
331 Anonymous login ok, send your complete email address as your password
Password:
230-Welcome to KoS' FTP server!
 You can use up to 3 connections per IP, there is no bandwidth limit.  However,
 server runs at nice 18 (low priority), so you can experience slowdowns when
230 system is busy (like when I'm gaming :p ).
Remote system type is Guest.
ftp> ls
215 UNIX Type: L8
200 PORT command successful
ftp> ls
150 Opening ASCII mode data connection for file list
ftp> ls
226 Transfer complete
200 PORT command successful
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
dr-xr-xr-x   3 ftp      ftp           728 Feb 26  2008 books
dr-xr-xr-x   5 ftp      ftp           168 Jun 11  2005 dev
dr-xr-xr-x   2 ftp      ftp           176 Oct 26  2007 doc
[...full listing here...]
226 Transfer complete
```

I've tried lftp as a client and it just ABORts the connection even before "Entering Passive Mode" arrives from the server:

```
kos@kos ~ $ LANG=C lftp localhost
lftp localhost:~> debug 10
lftp localhost:~> ls
---- dns cache hit
---- Connecting to localhost (127.0.0.1) port 21
<--- 220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
---> FEAT
<--- 211-Features:
 MDTM
 MFMT
 TVFS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 LANG en-US*
 REST STREAM
 SIZE
<--- 211 End
---> LANG
<--- 200 Using default language en_US
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER anonymous
<--- 331 Anonymous login ok, send your complete email address as your password
---> PASS lftp@
<--- 230-Welcome to KoS' FTP server!
<---  You can use up to 3 connections per IP, there is no bandwidth limit.  However,
<---  server runs at nice 18 (low priority), so you can experience slowdowns when
<--- 230 system is busy (like when I'm gaming :p ).
<--- 230 Guest access granted for anonymous.
---> PWD
<--- 257 "/" is the current directory
---> PASV
---> LIST
---> ABOR
---- Closing aborted data socket
---- Closing control socket
---- Switching passive mode off
---- dns cache hit
---- Connecting to localhost (127.0.0.1) port 21
<--- 220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
---> FEAT
<--- 211-Features:
 MDTM
 MFMT
 TVFS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 LANG en-US*
 REST STREAM
 SIZE
<--- 211 End
---> LANG
<--- 200 Using default language en_US
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER anonymous
<--- 331 Anonymous login ok, send your complete email address as your password
---> PASS lftp@
<--- 230-Welcome to KoS' FTP server!
<---  You can use up to 3 connections per IP, there is no bandwidth limit.  However,
<---  server runs at nice 18 (low priority), so you can experience slowdowns when
<--- 230 system is busy (like when I'm gaming :p ).
<--- 230 Guest access granted for anonymous.
---> PWD
<--- 257 "/" is the current directory
---> PORT 127,0,0,1,225,5
<--- 200 PORT command successful
---> LIST
---- Accepted data connection from (127.0.0.1) port 20
<--- 150 Opening ASCII mode data connection for file list
dr-xr-xr-x   3 ftp      ftp           728 Feb 26  2008 books
dr-xr-xr-x   5 ftp      ftp           168 Jun 11  2005 dev
dr-xr-xr-x   2 ftp      ftp           176 Oct 26  2007 doc
[...]
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
<--- 226 Transfer complete
**** extra server response
```

Active mode works OK.

Non-anonymous logins are also OK, even in passive mode.

Firewall was stopped.

Tried to fiddle with the USE flags - no results. There are no errors in auth.log, xfer.log or 'proftpd -n -d 10' output.

My proftpd.conf:

```
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName         "KoS' FTP Server"
#ServerType inetd
ServerType standalone
DefaultServer         on
#IdentLookups         off
UseReverseDNS          off
# Port 21 is the standard FTP port.
Port            21
# Use the IANA registered ephemeral port range
PassivePorts      49152 65534
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
<IfModule mod_lang.c>
  LangDefault en_US
</IfModule>
#PersistentPasswd   off
#AuthPAMAuthorative   off
MaxClientsPerHost 3 "Sorry, you may not connect more than three times."
# Trace ALL:10
# TraceLog /var/log/t.log
# Set the user and group that the server normally runs at.
User            proftpd
Group            proftpd
RequireValidShell      off
AuthPAM               off
AuthPAMConfig         ftp
AccessGrantMsg "Guest access granted for %u."
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
LogFormat                       write   "%h %l %u %t \"%r\" %s %b"
DefaultRoot ~
AllowOverwrite on
# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite      on
</Directory>
#AnonymousGroup ftp
DefaultRoot /
# A basic anonymous configuration, no upload directories.
<Anonymous ~>
  User ftp
  Group ftp

  DisplayLogin         /readme.txt
  DisplayChdir      .message true

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias         anonymous ftp

  PathDenyFilter "(\.ftpaccess)|(\.htaccess)$"
  # Limit the maximum number of anonymous logins
  MaxClients         10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin         welcome.msg
  DisplayChdir      .message true
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  DirFakeGroup on
  DirFakeUser on
  DirFakeMode 40444
  HideGroup root
</Anonymous>
<Anonymous /home/kos>
    RequireValidShell   off
    User   kos
    Group   users
    AnonRequirePassword on
   AccessGrantMsg "Welcome home!"
    <Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
   Order allow,deny
   Allow from 193.168.1.,80.70.228.198,127.0.0.1,10.1.1.67,10.1.0.2,66.134.141.162,205.158.63.41,209.220.
   Deny from all
    </Limit>
</Anonymous>
#<Anonymous /largefiles>
<Anonymous /mnt/iso>
    RequireValidShell   off
    User   ftp
    Group   users
    UserAlias   cdrom ftp
    UserPassword   ftp xxx
    UserPassword   cdrom xxx
    AnonRequirePassword   on

    <Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
   Order allow,deny
   Allow from all
   #Allow from 193.168.1.,80.70.228.198,10.1.0.2,10.1.2.16,10.1.7.90,127.0.0.1,10.1.1.67
   #Deny from all
    </Limit>
</Anonymous>
<Anonymous /home/ftp/wget4web>
    RequireValidShell   off
    User   nobody
    Group   nobody
    UserAlias linux nobody
    UserPassword   linux xxx
    UserPassword   nobody xxx
    AnonRequirePassword   on
    <Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
   Order allow,deny
   Allow from 193.168.1.,10.1.1.,80.70.225.85,10.1.4.133
   Deny from all
    </Limit>

</Anonymous>
<Anonymous /home/ftp/gentoo>
    RequireValidShell   off
    User   ftp
    Group   portage
    UserAlias   gentoo ftp
    UserPassword   ftp xxx
    UserPassword   gentoo xxx
    AnonRequirePassword   on
    <Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
   Order allow,deny
   Allow from 193.168.1.,80.70.228.198,127.0.0.1,10.1.1.67,10.1.0.2
   Deny from all
    </Limit>

</Anonymous>
<Global>
</Global>
```

Any ideas?

----------
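Added example, not part of the original post: a small checker that pairs each command in an lftp debug trace with the completed replies it received, using the RFC 959 rule that `NNN-` opens a multi-line reply and `NNN ` ends it. Run on an abridged copy of the trace above, it reports PASS with two completed 230 replies and PASV, LIST and ABOR with none; the function names are illustrative.

```python
import re

# RFC 959 reply lines: "NNN-" opens a multi-line reply, "NNN " is a final line.
REPLY = re.compile(r"^(\d{3})([ -])")

# Abridged from the lftp debug trace in the post (first connection only).
TRACE = """\
<--- 220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
---> USER anonymous
<--- 331 Anonymous login ok, send your complete email address as your password
---> PASS lftp@
<--- 230-Welcome to KoS' FTP server!
<---  You can use up to 3 connections per IP, there is no bandwidth limit.  However,
<--- 230 system is busy (like when I'm gaming :p ).
<--- 230 Guest access granted for anonymous.
---> PWD
<--- 257 "/" is the current directory
---> PASV
---> LIST
---> ABOR
""".splitlines()

def audit_trace(lines):
    """Pair every '--->' command with the completed replies that followed it."""
    # 1xx replies are preliminary (150 before 226) and are not counted.
    exchanges = [("(connect)", [])]   # the greeting belongs to no command
    open_code = None                  # code of a multi-line reply still in progress
    for line in lines:
        if line.startswith("---> "):
            exchanges.append((line[5:].split()[0], []))
            open_code = None
            continue
        m = REPLY.match(line[5:]) if line.startswith("<--- ") else None
        if m is None:
            continue                  # client notes or multi-line continuation text
        code, sep = m.groups()
        if open_code is not None and (code != open_code or sep == "-"):
            continue                  # still inside the multi-line reply
        if sep == "-":
            open_code = code          # opening line; wait for "NNN " to close it
            continue
        open_code = None
        if not code.startswith("1"):
            exchanges[-1][1].append(code)
    return exchanges

def out_of_sync(exchanges):
    """Commands that did not receive exactly one completed reply."""
    return [(cmd, codes) for cmd, codes in exchanges if len(codes) != 1]
```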

## kos

Vanilla 1.3.3rc2 works OK.

----------

