I have vsftpd installed and configured to work with SSL.
It connects, but if the firewall is enabled the connection sometimes fails (timeout).
I get this error on FileZilla:
Retrieving directory listing of "/userFolder"..
Command: PWD
Response: 257 "/userFolder" is the current directory
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (IP,IP,IP,IP,38,86).
Command: LIST
Error: The data connection could not be established:
ETIMEDOUT - Connection attempt timed out
And sometimes it works (that's what makes me confused about the firewall).
But when I disable the Ubuntu firewall (sudo ufw disable) it works fine.
I guess I've allowed or required ports:
To Action From
-- ------ ----
8080 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
20/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
990/tcp ALLOW Anywhere
40000:50000/tcp ALLOW Anywhere
20 ALLOW Anywhere
2000 ALLOW Anywhere
2001 ALLOW Anywhere
10100 ALLOW Anywhere
10090 ALLOW Anywhere
21 ALLOW Anywhere
8080 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
20/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
990/tcp (v6) ALLOW Anywhere (v6)
40000:50000/tcp (v6) ALLOW Anywhere (v6)
20 (v6) ALLOW Anywhere (v6)
2000 (v6) ALLOW Anywhere (v6)
2001 (v6) ALLOW Anywhere (v6)
10100 (v6) ALLOW Anywhere (v6)
10090 (v6) ALLOW Anywhere (v6)
21 (v6) ALLOW Anywhere (v6)
Did I forget some port to allow? Also, is it possible to know the required port for a specific app?
Additional information
I'm connecting remotely using "root" username and I've allowed root user access.
That's my /etc/vsftpd.conf file:
listen=YES
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=root
ascii_upload_enable=YES
ascii_download_enable=YES
ssl_enable=YES
rsa_cert_file=/etc/mypath
rsa_private_key_file=/etc/mypath
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
Best Answer
The passive mode connection can't be established. There is most likely an issue with the TCP traffic not getting sent/received over passive mode ports between your FTP client and the FTP server.
You've opened two single ports 10090 and 10100 in UFW. This needs to be changed. Remove those 4 single port rules in UFW. Then open the whole port range 10090:10100/tcp instead and restart UFW.
I don't see the corresponding passive port range settings in your vsftpd.conf file. Add these lines to your vsftpd.conf file:
If you still encounter connection problems, check port forwarding in your internet router and in the firewall on your local machine.
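Added example, not part of the original question or answer: a short Python check that decodes the data port from the 227 reply in the FileZilla log and tests it against the ufw rules listed in the question. The address 203.0.113.10 is a constructed placeholder (the post masks the real one), and the function names are hypothetical.

```python
import re

# TCP ports admitted by the ufw rules listed in the question, as (low, high).
UFW_TCP_ALLOWED = [(20, 21), (80, 80), (443, 443), (990, 990), (2000, 2001),
                   (8080, 8080), (10090, 10090), (10100, 10100), (40000, 50000)]

PASV_RE = re.compile(r"\b227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (host, port) from an FTP 227 reply: port = p1 * 256 + p2."""
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(f) for f in fields[:4])
    return host, fields[4] * 256 + fields[5]


def port_allowed(port, rules=UFW_TCP_ALLOWED):
    """True if some allow rule covers this TCP port."""
    return any(low <= port <= high for low, high in rules)


def open_ports(low, high, rules=UFW_TCP_ALLOWED):
    """Ports of a candidate passive range that the firewall lets through."""
    return [p for p in range(low, high + 1) if port_allowed(p, rules)]


if __name__ == "__main__":
    # Constructed reply: the post masks the address, so 203.0.113.10 is a
    # documentation address; the last two fields (38,86) are from the post.
    reply = "Response: 227 Entering Passive Mode (203,0,113,10,38,86)."
    host, port = parse_pasv(reply)
    print("data connection goes to %s:%d, allowed=%s"
          % (host, port, port_allowed(port)))
    # The two single-port rules cover only the ends of 10090-10100.
    print("open in 10090-10100 today:", open_ports(10090, 10100))
    fixed = [r for r in UFW_TCP_ALLOWED
             if r not in ((10090, 10090), (10100, 10100))]
    fixed.append((10090, 10100))
    print("open after the range rule:", len(open_ports(10090, 10100, fixed)))
```

The reply in the log decodes to port 9814, which none of the listed rules cover, so the data connection succeeds only when the server happens to pick an allowed port. vsftpd's pasv_min_port and pasv_max_port options pin the passive range so that it can match the range opened in UFW.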