I am trying to set up ProFTPD with SSL/TLS on openSUSE 11.

ProFTPD version 1.3.2rc1

My problem is that when I try to connect via FileZilla, it gets to LIST and then I get "Connection timed out" and "Failed to retrieve directory list". It never actually lists the directories. I have no doubt this is down to my lack of knowledge, but I have tried to search for the exact issue in my situation and cannot find an answer.

My syslog.log shows this as the last entry:

Code:
Preparing to chroot to directory '/ftp/directory'

My tls.log:

Code:
Jul 19 21:16:26 mod_tls/2.2[4246]: TLS/TLS-C requested, starting TLS handshake
Jul 19 21:16:26 mod_tls/2.2[4246]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Jul 19 20:16:27 mod_tls/2.2[4246]: Protection set to Private

Here is my proftpd.conf:

Code:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias bob user1
UserAlias jim user2

ServerName			"My FPT Site"
ServerType 			standalone
DeferWelcome			on

MultilineRFC2228 on
DefaultServer			on
ShowSymlinks			off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

#DisplayFirstChdir               .message
ListOptions                	"-l"

RequireValidShell 		off

TimeoutLogin 20

RootLogin 			off

# It's better for debug to create log files ;-)
ExtendedLog 			/var/log/ftp.log
TransferLog 			/var/log/xferlog
SystemLog			/var/log/syslog.log

#DenyFilter			\*.*/

RequireValidShell 		off

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart		on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port				1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User                  nobody
Group                 nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask				022	022

PersistentPasswd		off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "Good day!!!"
# This message is displayed for each access good or not
ServerIdent                  on       "Welcome to your Home"

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/tls.log
    TLSProtocol TLSv1

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired on

    # Server's certificate
    TLSRSACertificateFile /etc/ftpcert/server.crt
    TLSRSACertificateKeyFile /etc/ftpcert/server.key

    # CA the server trusts
    TLSCACertificateFile /etc/ftpcert/ca.crt

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

    #TLSOptions NoCertRequest
</IfModule>

# Set /srv/ftp/ftpdir as home directory
DefaultRoot /srv/ftp/ftpdir

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

# Set Passive Ports range - to allow login from internet behind firewall
PassivePorts 49152 64432

MasqueradeAddress	mysite.domain.com

MaxLoginAttempts    5

#VALID LOGINS
<Limit LOGIN>
AllowUser user1 user2
DenyALL
</Limit>

<Directory /srv/ftp/ftpdir>
#Umask 022 022
AllowOverwrite on
	<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
	DenyAll
	</Limit>
</Directory>

proftpd -l output:

Code:
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_facts.c
  mod_ident.c
  mod_auth_pam.c
  mod_tls.c
  mod_cap.c

I have tried TLSOptions NoCertRequest with the same results.

The directory that is set to default has chmod 775 with root as owner and users for group.

I have tried with SSL/TLS set to not required, with the same results. The server does have a firewall running on it, but the ports listed are allowed. I also tried with the firewall disabled. At this point I do not know where to look for the issue, so any assistance is much appreciated.
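
A check for the data channel that LIST depends on, added here as an example and not part of the original post: it decodes the `227 Entering Passive Mode` reply from the client's log and compares it with the `PassivePorts` and `MasqueradeAddress` lines of the configuration above. The function names and sample replies are constructed for illustration, and it assumes the client used PASV (a 227 reply) rather than EPSV.

```python
import ipaddress
import re

# Constructed excerpt: the two data-channel directives from the posted proftpd.conf.
CONF = "PassivePorts 49152 64432\nMasqueradeAddress\tmysite.domain.com\n"
# Constructed sample of a reply as it would appear in the FTP client's message log.
SAMPLE_REPLY = "Response:\t227 Entering Passive Mode (192,168,1,10,195,80)."
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Return (low_port, high_port, masquerade_address) from proftpd.conf text."""
    low = high = masq = None
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) == 3 and fields[0].lower() == "passiveports":
            low, high = int(fields[1]), int(fields[2])
        elif len(fields) == 2 and fields[0].lower() == "masqueradeaddress":
            masq = fields[1]
    return low, high, masq

def parse_pasv(reply):
    """Decode the (h1,h2,h3,h4,p1,p2) tuple of a 227 reply into (ip, port)."""
    m = re.search(r"227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                  r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)", reply)
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    n = [int(g) for g in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def check_pasv(conf_text, reply):
    """List mismatches between the advertised data endpoint and the config."""
    low, high, masq = parse_conf(conf_text)
    ip, port = parse_pasv(reply)
    findings = []
    if low is not None and not low <= port <= high:
        findings.append("port %d is outside PassivePorts %d-%d" % (port, low, high))
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        # Over TLS the control channel is encrypted, so a NAT device cannot
        # rewrite this address; the server has to advertise a reachable one.
        findings.append("advertised address %s is RFC 1918 private; "
                        "MasqueradeAddress %s is not in effect" % (ip, masq))
    return findings

if __name__ == "__main__":
    for finding in check_pasv(CONF, SAMPLE_REPLY) or ["no mismatch found"]:
        print(finding)
```

An empty result means the advertised endpoint matches the configuration, which leaves the firewall rules for that port range as the next place to look.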