The FTP service was set up on the server with vsftpd, but the following error occurred when connecting to it with the FileZilla client:
    Status:resolving Address of Smilejay.com
    Status:connecting to 192.3.170.172:21 ...
    Status:connection established, waiting for welcome ...
    response:220 (vsftpd 2.2.2)
    Command:user Anonymous
    response:331 Please specify the password.
    Command:pass **************
    response:230 Login successful.
    Command:syst
    response:215 UNIX Type:l8
    Command:feat
    Response:211-features:
    Response:eprt
    Response:epsv
    Response:mdtm
    Response:pasv
    Response:rest STREAM
    Response:size
    Response:tvfs
    Response:utf8
    response:211 End
    Command:opts UTF8 on
    response:200 Always in UTF8 mode.
    status:connected
    Status:retrieving Directory Listing ...
    Command:pwd
    response:257 "/"
    Command:type I
    RESPONSE:200 switching to Binary mode.
    Command:pas
    response:227 Entering passive Mode (192,3,170,172,132,153).
    Command:list
    Error:connection timed out
    error:failed to retrieve directory listing
As simple troubleshooting, I checked that FTP port 21 was open, that the firewall allowed access to TCP port 21, and that the login permissions were configured.
Later, once the iptables firewall was turned off, FTP could be used normally.
But why?
On the server side, run the watch netstat -tnl command to view network connections, then connect to FTP with FileZilla. For a moment (in fact, right after the PASV command is sent) the server shows an extra, unfamiliar IP:port entry, which disappears once the connection is done.
This is the difference between FTP passive mode and active mode (see below for reference). FileZilla uses passive mode by default (you can change this in Settings).
As mentioned earlier, I had turned iptables off and wanted to re-enable it, so which ports should the rules allow?
In passive mode, the TCP ports used on the FTP server side can be configured as follows:
    # Default YES. When enabled, passive mode connects are allowed.
    pasv_enable=YES
    pasv_min_port=9900
    pasv_max_port=9903
    # Default YES. When enabled, active mode connects are allowed.
    port_enable=YES
Then open access to the four ports 9900, 9901, 9902 and 9903 in iptables.
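Why the listing timed out, and why pinning the range fixes it, as an added example that is not from the original post: the last two numbers of the 227 reply encode the data port as p1*256+p2, and the script below decodes that port and checks it against the pasv_min_port/pasv_max_port range. The function names and the sample configuration are constructed for illustration; the iptables rules are only printed, not applied.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# pasv_port "<227 reply>" -> prints the TCP data port (p1*256 + p2)
pasv_port() {
    d='[0-9][0-9]*'
    # The reply carries (h1,h2,h3,h4,p1,p2); keep only p1 and p2.
    pair=$(printf '%s\n' "$1" |
        sed -n "s/^227 .*($d,$d,$d,$d,\($d\),\($d\)).*/\1 \2/p")
    [ -n "$pair" ] || return 1          # not a 227 reply
    echo $(( ${pair% *} * 256 + ${pair#* } ))
}

# port_in_range PORT MIN MAX -> exit status 0 if MIN <= PORT <= MAX
port_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# conf_value KEY -> reads vsftpd.conf text on stdin, prints KEY's numeric value
conf_value() {
    sed -n "s/^$1=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" | tail -n 1
}

# firewall_rules MIN MAX -> prints the rules for the control port and data range
firewall_rules() {
    echo "iptables -A INPUT -p tcp --dport 21 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $1:$2 -j ACCEPT"
}

# Constructed sample: the address tuple is the one in the log above.
LOGGED_REPLY='227 Entering Passive Mode (192,3,170,172,132,153).'
SAMPLE_CONF='pasv_enable=YES
pasv_min_port=9900
pasv_max_port=9903'

min=$(printf '%s\n' "$SAMPLE_CONF" | conf_value pasv_min_port)
max=$(printf '%s\n' "$SAMPLE_CONF" | conf_value pasv_max_port)
port=$(pasv_port "$LOGGED_REPLY")
if port_in_range "$port" "$min" "$max"; then
    echo "data port $port is inside $min-$max"
else
    echo "data port $port is outside $min-$max; a firewall allowing only 21 drops it"
fi
firewall_rules "$min" "$max"
```

Rule order matters: the two ACCEPT rules must sit before any final REJECT or DROP rule in the INPUT chain, otherwise the data connection is still blocked.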