ProFTPd login successful but data connection refused

At some point in the last few months, ProFTPd stopped working on several of the servers we maintain. Since it was working before, we didn’t change any of the configuration files, and it stopped working on several servers independently, I’m guessing that this was due to a change in the default config of ProFTPd, or at least the Debian Jessie version of ProFTPd. There’s an easy workaround but not a real solution at the time of writing.

All of our servers running ProFTPd require login authentication, require TLS for both authentication and data transfer, and have IPv6 enabled. When testing, I discovered that it was possible to log in remotely but then the data transfer always failed with a “Connection refused” error in both active and passive mode. At first I thought it was a firewall issue, as I was able to both log in and do data transfer when connecting from localhost. The helpful folks at Mythic Beasts pointed out that the data connection was binding to an IPv6 address for data transfer, instead of the IPv4 address that was used for authentication. They advised setting UseIPv6 off in proftpd.conf, which got things working again. However, this seems a lot like a bug since the data connection should be binding to the same IP address as the authentication attempt. All of the servers in question have multiple IPv4 addresses which don’t cause problems, implying that the bug is specific to IPv6. Disabling IPv6 might get things working again if your primary IP addresses are IPv4, but if you need both IPv4 and IPv6 then it’s not a real solution. Unfortunately I haven’t been able to find a proper fix. Suggestions welcome in the comments!
