In my experience, it often has to do with the use of PASV (passive) in the FTP transfer request in "secured" or "hardened" systems where netfilter rules are used. Even if that's it, it could still be a number of things or combination of them to resolve, such as use of nf_conntrack_ftp module, force client to _not_ use passive, etc. That's where I'd start looking if you haven't already.
Mind providing lftp debug output of the event? Feel free, even encouraged, to sanitize the output with non-routable or even non-existent domain names and IPs. Just be consistent for the particular name/IP to avoid confusion. If it's 192.345.9.3 in one place, the same IP should be used for that system elsewhere in the output to avoid confusion.
Code:
[ code ]
session data goes here
[ /code ]
Example:
Code:
$ lftp -u demo1 server.domain.local
Password:
lftp demo1@server.domain.local:~> debug
lftp demo1@server.domain.local:~> ls
---- Connecting to server.domain.local (172.16.8.11) port 21
<--- 220 (vsFTPd 2.3.4)
---> FEAT
<--- 211-Features:
<--- EPRT
<--- EPSV
<--- MDTM
<--- PASV
<--- REST STREAM
<--- SIZE
<--- TVFS
<--- UTF8
<--- 211 End
---> OPTS UTF8 ON
<--- 200 Always in UTF8 mode.
---> USER demo1
<--- 331 Please specify the password.
---> PASS XXXX
<--- 230 Login successful.
---> PWD
<--- 257 "/"
---> PASV
<--- 227 Entering Passive Mode (172,16,8,11,59,223).
---- Connecting data socket to (172.16.8.11) port 15327
---- Data connection established
---> LIST
<--- 150 Here comes the directory listing.
---- Got EOF on data connection
---- Closing data socket
drwxr-xr-x 3 502 502 4096 Nov 14 2010 Documents
<--- 226 Directory send OK.
lftp demo1@server.domain.local:/> bye
---> QUIT
---- Closing control socket
$