I installed vsftpd and am using ufw as my firewall. I can connect to the FTP server, log in, and change directories, but any attempt at using a LIST command times out from both external and localhost. From reading other answers, I am led to believe this is due to my passive ports not being opened correctly. However, as far as I can tell the ports are open in ufw. Also, when I run ufw disable and try again the issue still occurs. The fact that this happens on the same host as the server leads me to believe something else is amiss on my system.

vsftpd log (/var/log/vsftpd)

Tue Jan  2 21:22:03 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:03 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PWD"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "257 "/" is the current directory"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /nonefolder"
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "550 Failed to change directory."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,111)."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:27 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:27 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,112)."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:42 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:42 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,106)."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"

lftp log

[root@ladybug ~]# lftp
lftp :~> open 127.0.0.1
lftp 127.0.0.1:~> cd
cd ok, cwd=/
lftp 127.0.0.1:/> cd tv
cd ok, cwd=/tv
lftp 127.0.0.1:/tv> cd ..
lftp 127.0.0.1:/> cd nonefolder
cd: Access failed: 550 Failed to change directory. (/nonefolder)
lftp 127.0.0.1:/> ls
ls: Fatal error: 500 OOPS:           
lftp 127.0.0.1:/> cd tv
lftp 127.0.0.1:/tv> ls
ls: Fatal error: 500 OOPS:                 
lftp 127.0.0.1:/tv> 

FileZilla log (different run than the above two)

Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,110).
Command:    LIST
Error:  Could not read from transfer socket: ECONNRESET - Connection reset by peer
Error:  Connection closed by server
Error:  Failed to retrieve directory listing
Status: Disconnected from server
Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,114).
Command:    LIST
Error:  Connection closed by server
Error:  Failed to retrieve directory listing

/etc/vsftpd.conf

log_ftp_protocol=YES
xferlog_enable=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
local_umask=022
anon_umask=022
anonymous_enable=YES
anon_upload_enable=YES
anon_root=/mnt/hdd-8tb/home/ftpd/
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chown_uploads=YES
chown_username=ftpd
listen=YES
pam_service_name=vsftpd

ufw rules (when active)

To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere                  
21/tcp                     ALLOW       Anywhere                  
10090:10100/tcp            ALLOW       Anywhere                  
20/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                ALLOW       Anywhere (v6)             
10090:10100/tcp (v6)       ALLOW       Anywhere (v6)  

ftp root permissions

ftpd@ladybug:/mnt/hdd-8tb/home/ftpd$ ls -la
total 52
dr-xr-xr-x  9 ftpd ftpd 4096 Jan  1 18:47 .
drwxr-xr-x 14 root root 4096 Jan  1 18:39 ..
-rw-rw-r--  1 ftpd ftpd 3339 Jan  2 21:20 .bash_history
-rw-rw-r--  1 ftpd ftpd  220 Jan 28  2023 .bash_logout
-rw-rw-r--  1 ftpd ftpd 3771 Jan 28  2023 .bashrc
drwxr-xr-x  9 ftpd ftpd 4096 Jul 29 21:46 books
drwxr-xr-x  5 ftpd ftpd 4096 Apr 13  2023 comics
drwxr-xr-x 10 ftpd ftpd 4096 Dec 31 18:44 games
drwxr-xr-x  7 ftpd ftpd 4096 Aug 25 21:20 movies
drwxr-xr-x 16 ftpd ftpd 4096 Apr 13  2023 music
-rw-rw-r--  1 ftpd ftpd  807 Jan 28  2023 .profile
drwxr-xr-x 16 ftpd ftpd 4096 Nov 12 20:49 tv
drwxr-xr-x  2 ftpd ftpd 4096 Jan  1 18:47 util

I don't know what else to try. It seems like vsftpd is just not accepting connections on those ports even though I specified them. Willing to try anything at this point.

1 Answer

After doing a literal exhaustive search on Google, I found the answer that relates to LIST commands being dropped.

From the Arch Linux wiki:

4.7 VSFTPD reset connect via LIST command

  > seccomp_sandbox=NO

into the vsftpd.conf file fixes this issue 

It looks like similar answers have come up here and here which have different symptoms but the same fix. Neither of these mentioned the issue with LIST, which I think is why I didn't find them initially. Why does adding this to the conf file fix anything at all? This flag isn't documented in the vsftpd.conf man page, the website or any wiki that I can find. Downloading the source reveals it is a valid option in parseconf.c:

parseconf.c:  { "seccomp_sandbox", &tunable_seccomp_sandbox },

And it looks like the default, at least on the latest vsftpd build, is disabled.

tunables.c:  tunable_seccomp_sandbox = 0;

I have no idea why it is enabled in my version, why this buggy feature is not documented in the public facing docs at all, or why the error message is no help in pointing to the solution. Really frustrating. Anyway, I hope this thread helps give some context in case someone has the same issue.
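
The PASV replies in the question's log already rule out the firewall: the last two numbers of a 227 reply encode the data port as p1*256+p2, so (39,111) is port 10095, inside the configured 10090-10100 range. The script below is an added example, not part of the original post (the function names and the second sample session are constructed here); it decodes each PASV port, checks it against the configured range, and flags sessions where a data command such as LIST never received a reply.

```python
import re
# Session 1: excerpt of the question's log. Session 2: constructed healthy listing.
SAMPLE_LOG = '''\
Tue Jan  2 21:22:03 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,111)."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:30:00 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:30:01 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,115)."
Tue Jan  2 21:30:01 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:30:01 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
'''
EVENT = re.compile(r'FTP (command|response): Client "[^"]*", "(.*)"\s*$')
PASV = re.compile(r'227 .*\((?:\d+,){4}(\d+),(\d+)\)')
DATA_CMDS = {"LIST", "NLST", "RETR", "STOR"}

def analyze(log, pasv_min, pasv_max):
    """Per session (split on CONNECT): PASV port, range check, unanswered data command."""
    sessions, cur = [], None
    for line in log.splitlines():
        if "CONNECT:" in line:
            cur = {"port": None, "in_range": None, "pending": None}
            sessions.append(cur)
            continue
        m = EVENT.search(line)
        if not m or cur is None:
            continue
        kind, text = m.groups()
        if kind == "response":
            p = PASV.match(text)
            if p:  # port = p1 * 256 + p2 (last two numbers of the 227 reply)
                cur["port"] = int(p.group(1)) * 256 + int(p.group(2))
                cur["in_range"] = pasv_min <= cur["port"] <= pasv_max
            cur["pending"] = None  # any reply means the server is still talking
        elif text.split(" ")[0].upper() in DATA_CMDS:
            cur["pending"] = text.split(" ")[0].upper()
    return sessions

def diagnose(s):
    if s["pending"] is None:
        return "ok"
    if s["port"] is None:
        return "no PASV reply before " + s["pending"]
    if not s["in_range"]:
        return "port %d outside pasv range: check vsftpd.conf and firewall" % s["port"]
    return "port %d in range, %s unanswered: look at the server process" % (s["port"], s["pending"])

if __name__ == "__main__":
    for s in analyze(SAMPLE_LOG, 10090, 10100):  # range from the posted vsftpd.conf
        print(diagnose(s))
```

Every PASV port in the posted vsftpd and FileZilla logs decodes to a value between 10090 and 10098, which is consistent with `ufw disable` making no difference.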
