Issues with pure-ftpd

Hi all,

I am setting up an FTP server with pure-ftpd. I can log in internally and externally as well.
Unfortunately the server is located in a DMZ which is not under my control. I requested that ports 20-21 and 30000-50000 be opened.

nmap shows me the following:

$ nmap -PN -p 21,20,30000,40000,50000 15x.xxx.xxx.xxx

Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-14 12:24 CEST
Nmap scan report for blah.fasel.suelz.net (15x.xxx.xxx.xxx)
Host is up (0.0015s latency).
PORT STATE SERVICE
20/tcp filtered ftp-data
21/tcp open ftp
30000/tcp filtered unknown
40000/tcp filtered unknown
50000/tcp filtered iiimsf

Anyhow, I am losing the connection as soon as I AM logged in (!!! Means, I CAN log in :o) ) and e.g. issue an ‘ls’ and the ftp enters passive mode:

SNIP

bash-3.2$ ftp 15x.xxx.xxx.xxx
Connected to 15x.xxx.xxx.xxx

220-Welcome to Pure-FTPd.

220-You are user number 1 of 30 allowed.

220-<<

220-Welcome to the Blah Suelz FTP Server!

220->>

220-IPv6 connections are also welcome on this server.

220 You will be disconnected after 15 minutes of inactivity.

500 This security scheme is not implemented

500 This security scheme is not implemented

KERBEROS_V4 rejected as an authentication type

Name (15x.xxx.xxx.xxx:user): mmarre

331 User mmarre OK. Password required

Password:

230-User mmarre has group access to: BLAH SUELZ
230- users

230 OK. Current directory is /home/mmarre

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (15x,xxx,xxx,xxx,189,198)

ftp: connect: Connection timed out

SNIP

WHAT is going wrong here?
Is that due to the filtered ports? Should they be OPEN?

Active config:

grep -v "#" /etc/pure-ftpd/pure-ftpd.conf|uniq

ChrootEveryone no
TrustedGID 1000
BrokenClientsCompatibility no
MaxClientsNumber 30
MaxClientsPerIP 3
VerboseLog no
AllowDotFiles no
DisplayDotFiles no
AnonymousOnly no
NoAnonymous no
SyslogFacility ftp
FortunesFile /etc/motd
DontResolve yes
MaxIdleTime 15
PAMAuthentication yes
LimitRecursion 2000 8
AnonymousCanCreateDirs no
MaxLoad 5
PassivePortRange 30000 50000
ForcePassiveIP 15x.xxx.xxx.xxx
AntiWarez yes
Umask 007:007
MinUID 40
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite yes
ProhibitDotFilesRead yes
AutoRename yes
AnonymousCantUpload no
MaxDiskUsage 85
NoRename yes
CustomerProof yes

Any hints?

Regards
Michael
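
An added example, not part of the original posts: it decodes the 227 reply quoted above into the data port the client then tries to reach (p1 * 256 + p2, per RFC 959) and checks it against the posted PassivePortRange. The function names are this example's own, and the connect probe is meant to be run from the client side against a server you administer.

```python
import re
import socket

# Values copied from the post; the server address is redacted there,
# so only the two port bytes of the 227 reply are decoded.
REPLY = "227 Entering Passive Mode (15x,xxx,xxx,xxx,189,198)"
CONF = "PassivePortRange 30000 50000\nForcePassiveIP 15x.xxx.xxx.xxx\n"

def pasv_port(reply):
    """Return the data port from a 227 reply: p1 * 256 + p2 (RFC 959)."""
    m = re.search(r"\(([^)]*)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply")
    fields = m.group(1).split(",")
    if len(fields) != 6:
        raise ValueError("expected h1,h2,h3,h4,p1,p2")
    p1, p2 = int(fields[4]), int(fields[5])
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError("port bytes out of range")
    return p1 * 256 + p2

def passive_range(conf):
    """Return (low, high) from the PassivePortRange line of pure-ftpd.conf text."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "PassivePortRange":
            return int(parts[1]), int(parts[2])
    raise ValueError("no PassivePortRange line")

def data_port_state(host, port, timeout=3.0):
    """TCP connect test: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout or unreachable: packets are being dropped
        return "filtered"

if __name__ == "__main__":
    port = pasv_port(REPLY)
    low, high = passive_range(CONF)
    print(f"data port {port}, inside configured range: {low <= port <= high}")
```

With no transfer pending, a port in the passive range normally answers "closed" when the firewall passes the traffic, because nothing is listening yet; "filtered" corresponds to the nmap result shown in the post.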

Michael,

please post English questions in the English forums.

Thanks!

Uwe