[Proftpd-user] Strange failure of active connection

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

I have two servers, each on the same two external lines, each running
ProFTPD Version 1.2.9rc1, each with the same proftpd.conf, and each with the
same firewall rules across both lines. With both servers, passive ftp
connections succeed via both external lines. With one server however, active
ftp connections succeed on one line but fail on the other (beyond login -
which is passive anyway - can't do a successful ls, get or put).

Where can the difference be lurking that's foiling port 20, but only via one
external line on the one server, when the two external lines are the same
for both servers? Both are running Gentoo. Both have the same routing rules
and tables - adjusted only for the difference in IPs. The one with the
trouble on the one line has some components that aren't as up-to-date, but I
can't yet imagine which of those - or what else - could be creating this
problem. No errors show in the logs.

So it looks like this:                 Server 1            Server 2
                                   Line 1    Line 2    Line 1    Line 2
                       Passive      works     works     works     works
                       Active       works     FAILS     works     works

When I run proftpd with -d9, the only difference on the failed connections
is that it just stops. In the case of both working and failing connections
the "ls" command at the client leads to:

dispatching PRE_CMD command 'LIST' to mod_tls
dispatching PRE_CMD command 'LIST' to mod_core
dispatching PRE_CMD command 'LIST' to mod_core
dispatching PRE_CMD command 'LIST' to mod_ratio
dispatching CMD command 'LIST' to mod_ls
ROOT PRIVS: ID switching disabled
ROOT PRIVS: ID switching disabled

- at which point the failing situation just stops logging this connection
(other connections continue), while the successful situations go on with:

active data connection opened - local  : ...
active data connection opened - remote : ...
FS: using system stat()
...
FS: using system opendir()
... 

- and so on.

So it's not opening the active data connection, but it's not throwing an
error either, and there's nothing logged as blocked by the firewall. Proftpd
is on the same machine as the firewall, on both machines. It's running
standalone on both machines. There are no references in the proftpd.conf
file common to both to either IPs or interfaces.

Thanks much for any guesses on where to look,
Whit