LinuxQuestions.org
Old 04-15-2002, 03:42 PM   #1
Savedadogs
Member
 
Registered: Mar 2002
Posts: 41

Rep: Reputation: 15
ProFTPD Woes!!


I have been trying to set up Proftpd on my Redhat 7.2 machine for weeks and still nothing! It took me only 2 mins to get IIS 5.0 FTP to work!
Here is my situation:

Dynamic IP (DSL) + Linksys Router (NAT+Firewall)

If I do not use non-standard ports Proftpd does not work at all! When I use Port 21, I am not even able to connect inside my LAN. If I use a NON-Standard Port, I am able to connect inside my LAN and from anywhere on the internet. However, if I use a non-standard port and access my Proftpd server from outside my LAN I cannot see any files! It seems like nothing is there... If I do an upload outside my LAN the file goes into a black hole!!! But everything works beautifully inside my LAN with a Non-Standard Port!

And Yes I have all FTP related ports forwarded to my Linux BOX! Remember I got IIS FTP to work from anywhere! I could ftp from inside/outside my LAN with no problems!

Here is my proftpd.conf file (Non-Standard Version - Standard Port Version is exactly the same except Port = 21 in the config):

ServerName "Hello Idaho New York"
ServerType standalone
DefaultServer on
PassivePorts 60000 65535
MasqueradeAddress www.xxxxxxxxxxxxx.com
UseReverseDNS off
IdentLookups off

Port 2001

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User ftp
Group ftp

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10
RequireValidShell off
AnonRequirePassword off

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

</Anonymous>

PLEASE HELP!!!! Prevent me FROM USING WINDOWS PLEASE!!!!
 
Old 04-15-2002, 07:04 PM   #2
kibble
LQ Newbie
 
Registered: Apr 2002
Posts: 14

Rep: Reputation: 1
While I could probably explain this in some detail, I went for a search on Google to see if proftpd indeed had a passive ftp setting, which I was sure it did. And I came across this posting on proftpd.org which should answer your questions better than I could.

http://www.proftpd.org/proftpd-l-arc.../msg01371.html
 
Old 04-16-2002, 12:41 PM   #3
Savedadogs
Member
 
Registered: Mar 2002
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks for the info, but that does not tell me anything new. My firewall is set up correctly. If I use IIS FTP then everything works fine. If I use Proftpd then nothing works fine... it has something to do with my Proftpd config or my Linux box setup.
 
Old 04-16-2002, 02:54 PM   #4
rlkiddjr
Member
 
Registered: Feb 2002
Distribution: FreeBSD 4.9
Posts: 69

Rep: Reputation: 15
I currently have proftpd running on my system. When I did a little looking I found that I have two packages.

proftpd 1.2.5 rc1-1 ----- Proftp
proftpd-standalone 1.2.5 rc1-1 ----- Proftp daemon

The daemon lets me start and stop the service in the /etc/rc.d/init.d directory.

The following is my proftpd.conf file:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD ftp.rf-services.com"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

</Anonymous>

Hope this helps,
Lee
 
Old 04-16-2002, 11:29 PM   #5
Savedadogs
Member
 
Registered: Mar 2002
Posts: 41

Original Poster
Rep: Reputation: 15
Lee,

Are you behind a firewall and do you have dynamic IP?
 
Old 04-17-2002, 04:23 AM   #6
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Well I'm not sure exactly what's all going wrong but I think it's because of a mix of several ways to get around this problem.
I assume you are using an iptables firewall and the ip_nat_ftp module. In addition to that you are also forwarding the ftp port and the passive port range. Well if that's the case then I could imagine that some things would go wrong at some point although it's not totally clear why it's messing up.

You say that when you set ftp at port 21 it works from outside but not from inside your lan. From outside the clients would be using passive mode and since you are forwarding the passive ports they should be able to connect and transfer without a problem. If the clients happen to not use passive mode then the ip_nat_ftp module will probably kick in and allow the transfers anyway. There used to be problems with this kind of setup that you could not connect from inside your lan to ports you forwarded to the inside. But as far as I know that was fixed in the newer versions. And since you are running redhat 7.2 you shouldn't be having problems with that. It might be a mix up of the ip_nat_ftp module and the normal rules to forward the ftp traffic which are causing it to do weird things. But I've never gotten into how the ip_nat_ftp module works so I'm not sure about that.

Then there is the situation when you change to a nonstandard port. In this situation you can connect from everywhere but from the outside you can't open a data connection to show a file listing or transfer files. If the client is in passive mode then the server should use one of the passive ports which are forwarded and it should be able to make a data connection. If that doesn't work then there must be something else causing trouble. If the client isn't in passive mode then the ip_nat_module won't work anymore because it only listens for things on port 21 unless you've explicitly specified it should also listen on the nonstandard port which I doubt you've done. I assume from inside the lan you are now no longer having conflicts between the module and the port forwards so that's why it probably works now.

But I'm not sure on all the details what's going on so I might be wrong on some of that. If I were you then I'd start getting out a packet sniffer (tcpdump) and check out which packets are getting where to find out how far everything is getting and where it's getting stuck.

Hope some of that helps somehow.
 
Old 04-17-2002, 08:19 AM   #7
rlkiddjr
Member
 
Registered: Feb 2002
Distribution: FreeBSD 4.9
Posts: 69

Rep: Reputation: 15
Savedadogs,

I am behind a firewall. It has port 21 open and directed to the LAN (192.168.0.***) address of the server. I do have a static IP address though and that's really the only difference between us. But if you are using someone like zoneedit for your dynamic DNS service that really shouldn't matter. Also you should be able to ftp into your server locally using an ftp client. The reason I say ftp client, you have to configure Proftp to accept anonymous connections without using a password. And unless your browser will give you a username, password window (some will and some won't) you will not be able to connect.

Also for some reason when you install Proftp all of the Unix users that are defined on the system are denied access. I'm sure there is a good reason for this, just haven't figured it out yet. So basically you have two choices, enable the users that you want to have access in Proftp, or create new users on the Linux system.
 
Old 04-17-2002, 08:06 PM   #8
Savedadogs
Member
 
Registered: Mar 2002
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks for all the informative help. My linux box is not acting as the firewall. I have a Linksys that has a built-in firewall. My Linux box is connected to it. I have tried everything... but nothing yet.
 
Old 04-20-2002, 02:24 PM   #9
Savedadogs
Member
 
Registered: Mar 2002
Posts: 41

Original Poster
Rep: Reputation: 15
Finally figured it out. Since I have RedHat 7.2, the linux firewall is on by default. I turned it off and now everything works fine. Well do I need to even configure the firewall on my linux box? I already have a Linksys Router that acts as a firewall too...
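
An alternative to turning the host firewall off is to open only what the FTP server needs. This is an added example, not part of the thread: it reads the Port and PassivePorts directives from a proftpd.conf and prints matching accept rules, assuming the host firewall is iptables and that the INPUT chain otherwise rejects new connections. The sample text is an excerpt of the configuration posted in #1.

```python
import re

def parse_proftpd_conf(text):
    """Extract the control port and passive range from proftpd.conf text."""
    port, passive = 21, None          # 21 is the default when Port is absent
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"Port\s+(\d+)$", line)
        if m:
            port = int(m.group(1))
        m = re.match(r"PassivePorts\s+(\d+)\s+(\d+)$", line)
        if m:
            passive = (int(m.group(1)), int(m.group(2)))
    return port, passive

def host_firewall_rules(conf_text):
    """Return iptables commands admitting only the FTP control and data ports."""
    port, passive = parse_proftpd_conf(conf_text)
    if passive is None:
        # Without PassivePorts the data port cannot be known in advance,
        # so no narrow rule can be written for it.
        raise ValueError("no PassivePorts directive found")
    low, high = passive
    if not 1024 <= low <= high <= 65535:
        raise ValueError("bad PassivePorts range %d %d" % (low, high))
    return [
        # Replies to connections this host opened, and already accepted ones.
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A INPUT -p tcp --dport %d -j ACCEPT" % port,
        "iptables -A INPUT -p tcp --dport %d:%d -j ACCEPT" % (low, high),
    ]

# Excerpt of the proftpd.conf from post #1.
SAMPLE_CONF = """\
ServerType standalone
PassivePorts 60000 65535
# control connection
Port 2001
"""

if __name__ == "__main__":
    for rule in host_firewall_rules(SAMPLE_CONF):
        print(rule)
```

The same range has to be forwarded on the router, so a narrower PassivePorts range shrinks both rule sets.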
 
  

