linux
Denis Sechin, 2017-04-13 12:58:12

Is vsftpd not running in passive mode?

There is a corporate network; here is the diagram.
[Image: network diagram]
I need the user at 10.40.2.250 to be able to connect to the FTP server at 10.49.1.166. At the moment, only the client subnet can reach the FTP server without problems. When the computer 10.40.2.250 tries to connect, it gets the error "Unable to communicate with the server". Here are the rules that are in iptables:


iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -d 10.49.1.166 -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -d 10.49.1.166 -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -d 10.49.1.166 -p tcp --dport 40000:40050 -j ACCEPT

Here is the vsftpd config:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=023
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=admin
xferlog_file=/var/log/vsftpd.log
ascii_upload_enable=YES
ascii_download_enable=YES
allow_writeable_chroot=YES
chroot_local_user=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
pasv_enable=YES
pasv_max_port=40050
pasv_min_port=40000

The logs are empty, and I have already racked my brain over this. By the way, if you put vsftpd on the gateway itself and set up the same rules, only for INPUT, everything works fine. Thanks in advance.


1 answer(s)
Sanes, 2017-04-13
@Sanes

My VSFTPD config
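
An added example (not part of the thread, and not the asker's or the answerer's code): a Python check that decodes a PASV reply and tests whether its data port falls inside vsftpd's `pasv_min_port`..`pasv_max_port` range and inside the FORWARD rules quoted in the question. The 227 reply is a constructed sample and the function names are hypothetical.

```python
import re
# Copied from the question: passive-port options and the FORWARD rules.
VSFTPD_CONF = "pasv_enable=YES\npasv_min_port=40000\npasv_max_port=40050\n"
RULES = """\
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -d 10.49.1.166 -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -d 10.49.1.166 -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -d 10.49.1.166 -p tcp --dport 40000:40050 -j ACCEPT
"""
# Constructed sample reply to PASV (assumption, not from the page).
SAMPLE_227 = "227 Entering Passive Mode (10,49,1,166,156,74)."

def pasv_range(conf):
    """Return (min_port, max_port) from vsftpd.conf text."""
    opts = dict(ln.split("=", 1) for ln in conf.splitlines() if "=" in ln)
    return int(opts["pasv_min_port"]), int(opts["pasv_max_port"])

def parse_227(reply):
    """Decode (h1,h2,h3,h4,p1,p2) into (ip, port); port = p1*256 + p2."""
    n = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply).groups()
    return ".".join(n[:4]), int(n[4]) * 256 + int(n[5])

def forward_ranges(rules, server):
    """List (lo, hi) TCP port ranges that FORWARD accepts towards server."""
    pat = r"-A FORWARD\b.*-d (\S+) -p tcp --dport (\d+)(?::(\d+))? -j ACCEPT"
    out = []
    for line in rules.splitlines():
        m = re.search(pat, line)
        if m and m.group(1) == server:
            out.append((int(m.group(2)), int(m.group(3) or m.group(2))))
    return out

def allowed(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def check(conf, rules, reply):
    """Compare the PASV reply with vsftpd's range and the FORWARD rules."""
    ip, port = parse_227(reply)
    lo, hi = pasv_range(conf)
    ranges = forward_ranges(rules, ip)
    return {
        "control_21": allowed(21, ranges),
        "pasv_range_covered": all(allowed(p, ranges) for p in range(lo, hi + 1)),
        "reply_port_in_conf_range": lo <= port <= hi,
        "reply_port_forwarded": allowed(port, ranges),
    }

if __name__ == "__main__":
    print(check(VSFTPD_CONF, RULES, SAMPLE_227))
```

With the question's values every check returns True, so the quoted rules already cover ports 21 and 40000-40050. Because `-A` appends to the chain, they only take effect if no earlier FORWARD rule matches the packet first.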
