FTP server configuration Amazon EC2
Posted: July 3, 2012 Filed under: Amazon AWS, EC2, IT Survival | Tags: Amazon, Amazon Security groups, EC2, FTP server, PASV
OK, one of those annoying problems. You want / need an FTP server. Usually this is easy. I have built dozens of them, so an FTP server on Amazon is a doddle, you would think.
There are a few FTP servers that I use: VSFTPD and PureFTP.
I started with VSFTPD as this is pretty easy to use.
yum install vsftpd
service vsftpd start
Open FileZilla and FTP to the server. Because it is a default install, anonymous access is allowed and you get a connection. Wow, it works.
Issue an ls or LIST for the pub directory and then the pain starts.
Status: Connection established, waiting for welcome message…
Response: 220 (vsFTPd 2.2.2)
Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS **************
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 “/”
Status: Directory listing successful
Status: Retrieving directory listing…
Command: CWD /pub
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (10,235,43,17,199,120).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing
Arrghh, now I know that FTP ls needs port 20 open as well as 21. I added the port to the security group, but still the same.
After looking in the VSFTPD documentation, it does give you a hint that PASV mode, which is needed for the ls command, opens up a random port. So here is what you have to do. Either scrap your server, if you have limited security groups, and recreate it, or change one of the security groups for the server and add a range of TCP ports. I always create my servers with a SERVERNAME_MISC port group for these exact requirements.
Add a range of ports to the security group
e.g. 12000 – 12100
Also make sure that you have 20 & 21 in either this group or one of the other groups.
That is the Amazon bit done. (Sorry, I am not going into how to do this again; there is an expectation that you have knowledge of Amazon AWS.)
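The 227 reply in the session log above can be decoded to see why the listing timed out: the first four numbers are the address and the last two give the data port. The shell functions below are an added example, not part of the original post; they assume the 12000-12100 range from this page is what the security group allows, and the second sample reply is constructed.

```shell
#!/bin/sh
# Added example: decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# The data connection goes to h1.h2.h3.h4 on port p1*256 + p2.

# Assumption: the passive range opened in the security group (12000-12100).
PASV_MIN=12000
PASV_MAX=12100

# pasv_fields REPLY: print the six numbers space-separated, or return 1.
pasv_fields() {
    inner=$(printf '%s\n' "$1" | sed -n 's/^227 [^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$inner" ] || return 1
    old_ifs=$IFS; IFS=,; set -- $inner; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # Reject empty, non-numeric, over-long or zero-padded fields.
        case $n in ''|*[!0-9]*|????*|0?*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1 $2 $3 $4 $5 $6"
}

# pasv_check REPLY: print "ADDRESS PORT VERDICT"; return 2 if malformed.
pasv_check() {
    fields=$(pasv_fields "$1") || { echo "malformed"; return 2; }
    set -- $fields
    addr="$1.$2.$3.$4"
    port=$(( $5 * 256 + $6 ))
    problems=""
    # RFC 1918 address: not routable from the internet, so pasv_address is unset.
    case $addr in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            problems="private-address" ;;
    esac
    # Port outside the opened range: the data connection will time out.
    if [ "$port" -lt "$PASV_MIN" ] || [ "$port" -gt "$PASV_MAX" ]; then
        problems="${problems:+$problems,}port-outside-range"
    fi
    echo "$addr $port ${problems:-ok}"
}

# Reply from the session log above (default install).
pasv_check "227 Entering Passive Mode (10,235,43,17,199,120)."
# Constructed reply for a server using pasv_address and the 12000-12100 range.
pasv_check "227 Entering Passive Mode (203,0,113,10,47,20)."
```

Once the vsftpd settings are in place, a reply whose verdict is not "ok" means the pasv_ settings and the security group range do not match.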
Back to the server now.
vi /etc/vsftpd/vsftpd.conf
Go to the bottom of the file and insert the following lines
pasv_enable=YES
port_enable=YES
pasv_address=x.x.x.x
pasv_min_port=12000
pasv_max_port=12100
Where the address is the external address of the server. Do not be tempted to use the DNS address; although that is possible with the VSFTPD configuration, this will not work. Save the file.
service vsftpd restart
And you will have a working server. Now here comes the fun part: unless you allocate this server an Elastic IP address, you will get a new IP address if you shut the server down. ARRRGGHHHH
OK, with a little bit of bash this is not that hard to do.
First copy the vsftpd.conf file to a different location. I have kept this in the /etc/vsftpd directory.
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd_org.conf
You must remember to change the vsftpd_org.conf file if you change any of the settings.
Now we need to edit the vsftpd file in the init.d directory.
vi /etc/init.d/vsftpd
Find the line that starts
start() {
# Start daemons.
and insert the following lines
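# Ask the EC2 instance metadata service for the current public IPv4 address
ipaddress=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
# Rebuild vsftpd.conf from the saved copy, then append the passive-mode settings
rm -f /etc/vsftpd/vsftpd.conf
cp /etc/vsftpd/vsftpd_org.conf /etc/vsftpd/vsftpd.conf
echo 'pasv_enable=YES' >> /etc/vsftpd/vsftpd.conf
echo 'port_enable=YES' >> /etc/vsftpd/vsftpd.conf
# Double quotes so that $ipaddress is expanded
echo "pasv_address=$ipaddress" >> /etc/vsftpd/vsftpd.conf
echo 'pasv_min_port=12000' >> /etc/vsftpd/vsftpd.conf
# Keep the range inside the ports opened in the security group
echo 'pasv_max_port=12100' >> /etc/vsftpd/vsftpd.conf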
This will set the .conf file when the service is started.
More to come for the PureFTP configuration also; it is the same idea, in that you need to specify ports for the PASV connection.
Alistair
Thank you for the pointers on the pasv_ settings — saved me bunches of time