Strange behavior after upgrading ProFTPD to Debian 11

[yrvyrv]

Hello everybody!!
After the (apparently) successful upgrade to Debian 11 my ProFTPD server has stopped working! After a lot of tests I have verified in my firewall that the source port of data connection changes, instead of using 20 as always it uses a random one, random origin and random destination, and I don't know why!!!

[lindi]

FTP protocol supports two transfer modes: passive and active. Active mode uses port 20 as the source port. Passive mode uses a random port. The client can choose the mode that it wants to use.

[yrvyrv]

I am refering to active mode of course.

[p.H]

I have verified in my firewall that the source port of data connection changes

Which firewall ?

[yrvyrv]

My company firewall, in fact I have an iptables rule that permit outgoing traffic from port 20 and I tested disabling iptables and then I see the traffic in my firewall.

[p.H]

Unclear. Is the iptables rule on the firewall, the server or another machine ?

[yrvyrv]

OK. I have iptables in the server and have another firewall in the network, this last one is where i see differents ports as source, but only after disabling iptables in the server because in the iptables only permits port 20 as source, when disable iptables I can see in the organization firewall that the source port changes, I see souce and destination ports changing ramdomly in each connection.

[p.H]

Check this: http://www.proftpd.org/docs/modules/mod ... RootRevoke
Also: http://www.proftpd.org/docs/modules/mod_cap.html
Make sure you understand the security implications before setting RootRevoke off.

[yrvyrv]

In ProFTPD 1.3.7rc1 and later, the default value for RootRevoke became on...this is exactly what happens to me, thank you very much!!!