Pure-FTPD - ECONNRESET - Connection reset by peer


I have a problem connecting to Pure-FTPD.
My NAT rules:


# pass in

 block drop out log (all) quick on $ext_if from any to $martians

 pass in on $ext_if proto tcp from any to any port 22   $tcpstate $stossh

# pass for jail ports
 pass in on $ext_if proto tcp from any to $IP_JAIL port 5555 $tcpstate $stossh
 pass in on $ext_if proto tcp from any to $IP_JAIL port 80 $tcpstate $stowww
 pass in on $ext_if proto tcp from any to $IP_JAIL port {20,21,113,6667,30000:50000} $tcpstate
 pass in on $ext_if proto udp from any to $IP_JAIL port 9987 $udpstate

Status:   Łączenie z
Status:   Połączenie nawiązanie, oczekiwanie na wiadomość powitalną...
Odpowiedź   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Odpowiedź   220-You are user number 1 of 50 allowed.
Odpowiedź   220-Local time is now 09:10. Server port: 21.
Odpowiedź   220 You will be disconnected after 15 minutes of inactivity.
Polecenie:   USER bryn1u
Odpowiedź   331 User bryn1u OK. Password required
Polecenie:   PASS ************
Odpowiedź   230 OK. Current restricted directory is /
Polecenie:   SYST
Odpowiedź   215 UNIX Type: L8
Polecenie:   FEAT
Odpowiedź   211-Extensions supported:
Odpowiedź    EPRT
Odpowiedź    IDLE
Odpowiedź    MDTM
Odpowiedź    SIZE
Odpowiedź    MFMT
Odpowiedź    REST STREAM
Odpowiedź    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Odpowiedź    MLSD
Odpowiedź    AUTH TLS
Odpowiedź    PBSZ
Odpowiedź    PROT
Odpowiedź    UTF8
Odpowiedź    ESTA
Odpowiedź    PASV
Odpowiedź    EPSV
Odpowiedź    SPSV
Odpowiedź   211 End.
Polecenie:   OPTS UTF8 ON
Odpowiedź   200 OK, UTF-8 enabled
Status:   Połączono
Status:   Uzyskiwanie listy katalogów...
Polecenie:   PWD
Odpowiedź   257 "/" is your current location
Polecenie:   TYPE I
Odpowiedź   200 TYPE is now 8-bit binary
Polecenie:   PASV
Error:   Can't read from socket: ECONNRESET - Connection reset by peer
Error:   Disconnected from server
Error:   Couldn't get list directory

And I don't know what to do. I was looking for some solutions but found nothing.

Ehh, I was reading your link. I think I have done everything correctly. If I remember correctly, this configuration worked before. I have opened the passive port range and redirection, and pure-ftpd is configured well. I still don't know why it's not working :(

# Port range for passive connections replies. - for firewalling.

 PassivePortRange          30000 50000

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.


# Upload/download ratio for anonymous users.

# AnonymousRatio                1 10

# Upload/download ratio for all users.
# This directive supersedes the previous one.

# UserRatio                 1 10

# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.

AntiWarez                   yes

# IP address/port to listen to (default=all IP and port 21).

 Bind            ,21

I'm not familiar with your FTP daemon, and perhaps this is a very basic tip, but does your firewall return some error messages that could give you a hint? The rules need to be set in a specific way so error messages can be generated. Also, can the system run with the firewall turned off? This may help you isolate the problem, daemon or firewall related.
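
One way to cross-check the two excerpts quoted in this thread is to compare the ports the pf rules pass with the passive settings in pure-ftpd.conf. This is an added example, not part of any post above; the sample text is constructed from the quoted excerpts, the function names are hypothetical, and the `ForcePassiveIP` check assumes the daemon sits behind NAT.

```python
import re
# Constructed sample input, modelled on the rules and config quoted in this thread.
PF_RULES = """\
pass in on $ext_if proto tcp from any to $IP_JAIL port {20,21,113,6667,30000:50000} $tcpstate
"""
PUREFTPD_CONF = """\
PassivePortRange          30000 50000
# ForcePassiveIP          <public address>
"""

def pf_tcp_ports(rules):
    """Return (low, high) ranges opened by 'pass in ... proto tcp ... port X' rules."""
    ranges = []
    for line in rules.splitlines():
        m = re.search(r"^\s*pass in\b.*\bproto tcp\b.*\bport\s+(\{[^}]*\}|\S+)", line.split("#", 1)[0])
        if not m:
            continue
        for item in re.split(r"[,\s]+", m.group(1).strip("{} ")):
            if re.fullmatch(r"\d+(:\d+)?", item):  # macros such as $ports are skipped
                lo, _, hi = item.partition(":")
                ranges.append((int(lo), int(hi or lo)))
    return ranges

def conf_value(conf, key):
    """Return the arguments of an active (uncommented) directive, or None."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == key:
            return parts[1:]
    return None

def check(rules, conf):
    """List mismatches between the daemon's passive settings and the firewall."""
    problems = []
    ranges = pf_tcp_ports(rules)
    if not any(lo <= 21 <= hi for lo, hi in ranges):
        problems.append("control port 21 is not passed")
    passive = conf_value(conf, "PassivePortRange")
    if passive is None:
        problems.append("PassivePortRange unset: daemon may pick any high port")
    else:
        lo, hi = map(int, passive[:2])
        if not any(r_lo <= lo and hi <= r_hi for r_lo, r_hi in ranges):
            problems.append(f"passive range {lo}-{hi} not fully passed by pf")
    if conf_value(conf, "ForcePassiveIP") is None:
        problems.append("ForcePassiveIP unset: PASV replies carry the daemon's own address")
    return problems

if __name__ == "__main__":
    print("\n".join(check(PF_RULES, PUREFTPD_CONF)) or "no mismatches found")
```

A clean result only shows that the two files agree with each other; the firewall log and a test with the firewall disabled, as suggested in the reply above, are still needed to see where the reset comes from.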