FTP access using Virtual Hosts dropped by Firewall

Hi,

I created a virtual host today and checked the “Enable FTP access” checkbox. When I try to connect to the FTP-NethServer, the firewall logs show:

Aug 20 22:34:55 mail kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=[...] SRC=31.16.xxx.yyy DST=192.168.1.12 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=25814 DF PROTO=TCP SPT=53177 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0

To me it looks like the firewall is blocking the FTP access, right?
My expectation for the virtual host setting would be that FTP works without any other manual adjustments.

Unless we are missing something, at the moment it works like this:

  1. Go to Management → VirtualHosts: create a new virtual host (filling in the settings), and Enable FTP access, setting the desired FTP credentials.

  2. Go to Configuration → FTP: Configure (tab) to enable the FTP server (if it isn’t already).

At this stage, FTP access works for the GREEN zone.

  3. Go to Security → Network services: Edit the vsftpd (FTP server) and under “Allow access from zones” check the zones from which you want FTP to be accessible (in your case, RED zone).

Seems reasonable.
Maybe the “Allow access from trusted networks only” option could also be tied to the FTP service, so when it is unchecked FTP access is allowed from any zone. But maybe there are admins that would prefer fine-grained control (separate checkboxes for each feature: vhosts, ftp).

4 Likes

Brilliant :heart:

2 Likes
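
To confirm which service and zone pair the firewall is dropping, the Shorewall log prefix (`Shorewall:net2fw:DROP:`) and the fields after it can be parsed and summarized. This is an added example, not part of the original thread or of NethServer itself; the second and third sample lines are constructed, and accepting `-` as an alternative zone separator is an assumption about other Shorewall configurations.

```python
import re
from collections import Counter

# Line 1 is the log line quoted in the question (address redacted as posted);
# lines 2 and 3 are constructed for this example.
SAMPLE_LOG = """\
Aug 20 22:34:55 mail kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=[...] SRC=31.16.xxx.yyy DST=192.168.1.12 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=25814 DF PROTO=TCP SPT=53177 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 20 22:35:02 mail kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=[...] SRC=198.51.100.7 DST=192.168.1.12 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=21 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 22:35:10 mail kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=[...] SRC=203.0.113.9 DST=192.168.1.12 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Prefix layout: Shorewall:<source zone>2<destination zone>:<action>:<fields>
# ("-" as the zone separator is accepted as an assumption, see lead-in).
PREFIX = re.compile(
    r"Shorewall:(?P<src>\w+?)(?:2|-)(?P<dst>\w+):(?P<action>[A-Z]+):(?P<rest>.*)"
)

def parse(line):
    """Return a dict of zones, action, KEY=value fields and bare flags, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"src_zone": m["src"], "dst_zone": m["dst"], "action": m["action"]}
    flags = []
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val          # e.g. PROTO=TCP, DPT=21, OUT= (empty)
        else:
            flags.append(tok)       # e.g. DF, SYN
    rec["flags"] = flags
    return rec

def blocked_services(log_text):
    """Count dropped/rejected new connections per (src zone, dst zone, proto, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec or rec["action"] not in ("DROP", "REJECT"):
            continue
        if rec.get("PROTO") == "TCP" and ("SYN" not in rec["flags"] or "ACK" in rec["flags"]):
            continue                # keep only initial SYNs for TCP
        key = (rec["src_zone"], rec["dst_zone"], rec.get("PROTO"), int(rec.get("DPT", 0)))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, proto, port), n in blocked_services(SAMPLE_LOG).most_common():
        print(f"{n} blocked: zone {src} -> {dst}, {proto}/{port}")
```

A `net` to `fw` entry for TCP/21 means the FTP service is not yet allowed from that zone, which is the setting changed under Security → Network services.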