I have this discussion at work regarding our ftp server running via vsftpd. Initially, we have opted to serve ftpes instead of sftp because this seemed the most flexible and straightforward solution for our server to have secure file transmission.
Afterwards, our ftp server seems to be a source of issues for our end users. Half of the time, users complain about not working ftp connections. I must say, I tested our FTP through different infrastructures (=in the field, at random times at random places) and indeed, sometimes behind some configurations (=no idea how they are configured, because of the 'field' testing), I receive errors. Some of them are: Error: Failed to retrieve directory listing (FileZilla)
Furthermore, behind my basic home configuration, everything seems to be running fine.
I (think I) did all the basic configuration checks (passive mode?, firewall for all ports?, ...) and can't seem to find the source.
Being a bunch of techies at our small office, yet knowing nothing about infrastructure, some start suggesting that the ftps protocol could be the source of issues. ("No, I only knew sftp so far" "Ftps is not widespread").
I, however, strongly doubt this hypothesis, since reading around on the www, asking questions on serverfault, everyone seems to deny this.
So, as I would like to avoid reconfiguring, since this involves messing around in our SSH service, our virtual user setup and ftp service, I would need some advice on
1) what could be potentially the general cause?
2) do you have some general tips?
3) would you mind having a look at my configuration file?
----- General Settings -----
write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to XXXX FTP!"
hide_ids=YES
hide_file=.*
max_per_ip=10
max_clients=10
local_enable=YES
local_umask=022
chroot_local_user=YES
secure_chroot_dir=/usr/share/empty
userlist_enable=NO
userlist_deny=YES
userlist_file=/etc/vsftp_deny_users
guest_enable=YES
guest_username=ftpvirtual
virtual_use_local_privs=YES
user_sub_token=$USER
local_root=/srv/ftp/ftpvirtual/$USER
anonymous_enable=NO
syslog_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd_xfer.log
connect_from_port_20=YES
pam_service_name=vsftpd
listen=YES
listen_port=21
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30030
pasv_address=foo
ssl_enable=YES
rsa_cert_file=/etc/vsftpd.pem
rsa_private_key_file=/etc/vsftpd.pem
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_ciphers=HIGH
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
idle_session_timeout=900
log_ftp_protocol=NO
dsa_cert_file=/etc/vsftpd.pem
Thanks
Start by increasing your passive port range to at least 1000 connections and ensure that the firewall has these ports open.
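A small audit of the passive-mode and TLS settings discussed in this thread, as an added example that is not part of the original posts. It goes slightly beyond the answer by also flagging the obsolete SSLv2/SSLv3 options and a hostname in pasv_address without pasv_addr_resolve. The function names and the embedded sample are constructed for illustration; the 1000-port threshold is the figure from the answer above.

```python
import ipaddress

# Constructed sample: the passive-mode and TLS lines from the posted config.
SAMPLE_CONF = """\
max_clients=10
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30030
pasv_address=foo
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
"""
MIN_PASV_PORTS = 1000  # figure suggested in the answer above

def parse_conf(text):
    """Parse vsftpd's option=value lines; '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key, default):
    """True if the option (or its vsftpd default) is YES."""
    return opts.get(key, default).upper() == "YES"

def audit(opts):
    """Return findings for the passive port range and legacy SSL settings."""
    findings = []
    if is_yes(opts, "pasv_enable", "YES"):
        lo, hi = int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))
        if lo == 0 or hi == 0:
            findings.append("pasv range unset: data ports cannot be firewalled precisely")
        elif hi - lo + 1 < MIN_PASV_PORTS:
            findings.append(f"pasv range {lo}-{hi}: {hi - lo + 1} ports, below {MIN_PASV_PORTS}")
        addr = opts.get("pasv_address")
        if addr and not is_yes(opts, "pasv_addr_resolve", "NO"):
            try:
                ipaddress.ip_address(addr)  # an IP literal needs no resolving
            except ValueError:
                findings.append("pasv_address is a hostname but pasv_addr_resolve is not YES")
    if is_yes(opts, "ssl_enable", "NO"):
        for key in ("ssl_sslv2", "ssl_sslv3"):
            if is_yes(opts, key, "NO"):
                findings.append(f"{key}=YES enables an obsolete protocol; set it to NO")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print("WARN:", finding)
```

The firewall in front of the server still has to allow the same port range that pasv_min_port and pasv_max_port define; this check only reads the configuration file.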