
mda_deb

(uses Debian)

Posted on 03/11/2009 - 09:35h
Hi VOL folks, \o/
The problem is the following: when I try to connect to my FTP server (PROFTPD) over the WAN, that is, from outside the company, the following error occurs:
FTP client - FileZilla:
Status:	Conectando com 18x.xx.xx.xxx:8957...
Status:	Conexão estabelecida, esperando a mensagem de boas vindas...
Resposta:	220 ProFTPD 1.3.1 Server (Empresa) [192.168.1.2]
Comando:	AUTH TLS
Resposta:	234 AUTH TLS successful
Status:	Inicializando TLS...
Status:	Verificando o certificado...
Comando:	USER fulanodetal
Status:	Conexão TLS/SSL estabelecida.
Resposta:	331 Password required for fulanodetal
Comando:	PASS **********************
Resposta:	230 User fulanodetal logged in
Comando:	OPTS UTF8 ON
Resposta:	200 UTF8 set to on
Comando:	PBSZ 0
Resposta:	200 PBSZ 0 successful
Comando:	PROT P
Resposta:	200 Protection set to Private
Status:	Conectado
Status:	Recuperando a listagem de pastas...
Comando:	PWD
Resposta:	257 "/" is the current directory
Comando:	TYPE I
Resposta:	200 Type set to I
Comando:	PASV
Resposta:	227 Entering Passive Mode (192,168,1,2,228,57).
Status:	O servidor enviou uma resposta passiva com um endereço não-roteável. Usando o endereço do servidor em vez deste.
Comando:	LIST
Erro:	O tempo da conexão se esgotou
Erro:	Falhou em recuperar a listagem de diretórios 
So I can't list the directories from outside the company, but inside the company it works NORMALLY.
My setup is as follows:
LP link >>> Firewall >>> Web Server (FTP - PROFTPD), configs:
>>Firewall:
#OPENING PORT FOR FTP
/sbin/iptables -A FORWARD -i $IF_WAN -p tcp --dport 8957 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i $IF_WAN -p tcp --dport 8957 -j DNAT --to $IP_APLICACAO
>>Web Server - proftpd.conf:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off
ServerName                      "Empresa"
ServerType                      standalone
DeferWelcome                    off
MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on
TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200
DisplayLogin                    welcome.msg
DisplayChdir                    .message
ListOptions                     "-l"
DenyFilter                      \*.*/
# Port 21 is the standard FTP port.
Port                            8957
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
#PassivePorts                    49152 65534
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    8
# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd              off
# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile                   off
TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# Only lets the user access their own HOME
DefaultRoot   ~
   <Directory /*>
         AllowOverwrite yes
   </Directory>
##Enabling SSL/TLS
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSProtocol SSLv23
  # Are clients required to use FTP over TLS when talking to this server?
  TLSRequired on
  # Server's certificate
  TLSRSACertificateFile /etc/ssl/certs/server.crt
  TLSRSACertificateKeyFile /etc/ssl/private/server.key.insecure
  # Authenticate clients that want to use FTP over TLS?
  TLSVerifyClient off
  # Allow SSL/TLS renegotiations when the client requests them, but
  # do not force the renegotations.  Some clients do not support
  # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
  # clients will close the data connection, or there will be a timeout
  # on an idle data connection.
  TLSRenegotiate required off
</IfModule>
#END
As you can see, it connects normally but doesn't list the directories.
Questions:
Why can't I list my directories?
Do I need any firewall settings?
Am I missing some setting in my FileZilla client?
Big hug.
Thanks in advance.
Maikon D. Abati
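As an added example (not the poster's code, nor anything from VOL or the ProFTPD project), here is a small Python diagnostic that parses a 227 PASV reply the way FileZilla does, flags the RFC 1918 LAN address the server announces, and checks whether the decoded data port is one the edge firewall actually forwards. The reply with 192.168.1.2 reproduces the one in the post; the public address 203.0.113.10 (a documentation-range placeholder for the masked WAN address), the forwarded ranges and the PassivePorts range are assumed values for illustration.

```python
import ipaddress
import re

# Matches an RFC 959 "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# Addresses a WAN client can never reach directly (RFC 1918). This is the
# condition behind FileZilla's "non-routable address" warning in the post.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply, or None if it does not parse.
    The data port is encoded as two bytes: p1 * 256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def is_rfc1918(host):
    """True when the advertised address is private and therefore unusable from the WAN."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in RFC1918)


def diagnose(reply, forwarded_ports, passive_ports=None):
    """Explain why a WAN client's data connection (LIST, RETR, ...) would fail.

    forwarded_ports: list of (lo, hi) TCP ranges the edge firewall forwards/DNATs to the
                     FTP host (the post forwards only 8957, the control port).
    passive_ports:   (lo, hi) configured with PassivePorts, or None when the directive is
                     commented out, in which case the kernel picks any ephemeral port.
    Returns a list of findings; an empty list means the data connection should work.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["reply is not a well-formed 227 PASV response"]
    host, port = parsed
    findings = []
    if is_rfc1918(host):
        findings.append(f"advertised address {host} is RFC 1918: set MasqueradeAddress "
                        "to the public address so the server stops announcing its LAN IP")
    if passive_ports is None:
        findings.append("PassivePorts is unset, so the data port is unpredictable and "
                        "cannot be matched by a fixed firewall rule")
    elif not passive_ports[0] <= port <= passive_ports[1]:
        findings.append(f"data port {port} lies outside PassivePorts {passive_ports}")
    if not any(lo <= port <= hi for lo, hi in forwarded_ports):
        findings.append(f"edge firewall does not forward TCP {port} to the FTP host, "
                        "so the client's data connection times out (the LIST failure)")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the first reply has the same shape as the one in the post,
    # the second is what a corrected setup would announce (203.0.113.10 is a
    # documentation-range placeholder standing in for the masked public address).
    broken = "227 Entering Passive Mode (192,168,1,2,228,57)."
    fixed = "227 Entering Passive Mode (203,0,113,10,228,57)."
    print(parse_pasv(broken))  # ('192.168.1.2', 58425)
    for finding in diagnose(broken, [(8957, 8957)]):
        print("-", finding)
    print(diagnose(fixed, [(8957, 8957), (49152, 65534)], (49152, 65534)))  # []
```

Run against the post's own reply, the script decodes port 228*256+57 = 58425 and reports three findings: the LAN address, the unset PassivePorts, and a firewall that only forwards 8957. Note that because the session negotiates PROT P, the PASV reply travels inside TLS, so the firewall's FTP connection-tracking helper cannot read or rewrite it; the server itself must announce a usable address (MasqueradeAddress) and a fixed port range (PassivePorts), and the firewall must forward that same range to the FTP host alongside 8957.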