FTP server configuration Amazon EC2


OK, one of those annoying problems. You want / need an FTP server. Usually this is easy. I have built dozens of them, so an FTP server on Amazon is a doddle, you would think.

There are a few FTP servers that I use: VSFTPD and PureFTP.

I started with VSFTPD, as this is pretty easy to use.

yum install vsftpd

service vsftpd start

Open FileZilla and FTP to the server. Because it is a default install, anonymous is allowed, so you get a connection. Wow, it works.

Issue an ls or LIST for the pub directory and then the pain starts.

Status: Connection established, waiting for welcome message…
Response: 220 (vsFTPd 2.2.2)
Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS **************
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 "/"
Status: Directory listing successful
Status: Retrieving directory listing…
Command: CWD /pub
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (10,235,43,17,199,120).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

Arrghh, now I know that FTP ls needs port 20 open as well as 21. I added the port to the security group, but still the same.

After looking in the VSFTPD documentation, it does give you a hint that PASV mode, which is needed for the ls command, opens up a random port. So here is what you have to do. Either scrap your server and recreate it if you have limited security groups, or change one of the security groups for the server and add a range of TCP ports. I always create my servers with a SERVERNAME_MISC port group for these exact requirements.

Add a range of ports to the security group

e.g. 12000 – 12100

Also make sure that you have 20 & 21 in either this group or one of the other groups.

That is the Amazon bit done. (Sorry, I am not going into how to do this; again, there is an expectation that you have knowledge of Amazon AWS.)

Back to the server now.

vi /etc/vsftpd/vsftpd.conf

Go to the bottom of the file and insert the following lines

pasv_enable=YES
port_enable=YES
pasv_address=x.x.x.x
pasv_min_port=12000
pasv_max_port=12100

Where the address is the external address of the server. Do not be tempted to use the DNS address, which is possible with the VSFTPD configuration; this will not work. Save the file.

service vsftpd restart
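To check the result, the 227 reply can be decoded by hand or with a few lines of shell. This is an added example, not part of the original post: the function names are hypothetical, the range 12000 to 12100 is the one used above, and the second reply is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of vsftpd.

# pasv_decode '<227 reply>' -> prints "a.b.c.d port"; fails if unparsable.
pasv_decode() {
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple              # split h1,h2,h3,h4,p1,p2 on commas
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|0?*) return 1 ;; esac   # reject empty or leading-zero fields
        [ "$n" -le 255 ] || return 1
    done
    # The data port is sent as two bytes: high * 256 + low.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_private a.b.c.d -> success for RFC 1918 space, unreachable from the Internet.
is_private() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*) o=${1#172.}; o=${o%%.*}; [ "$o" -ge 16 ] && [ "$o" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# check_pasv '<227 reply>' min max -> prints "addr port verdict"; succeeds only on "ok".
check_pasv() {
    decoded=$(pasv_decode "$1") || { echo "unparsable"; return 2; }
    addr=${decoded% *}; port=${decoded#* }; problems=
    if is_private "$addr"; then problems=private-address; fi
    # A port outside the range opened in the security group will time out on LIST.
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        problems=${problems:+$problems,}port-outside-range
    fi
    echo "$addr $port ${problems:-ok}"
    [ -z "$problems" ]
}

# Reply from the session log above, then a constructed reply
# (203.0.113.0/24 is documentation address space).
check_pasv '227 Entering Passive Mode (10,235,43,17,199,120).' 12000 12100 || true
check_pasv '227 Entering Passive Mode (203,0,113,10,46,240).' 12000 12100 || true
```

The reply from the failing session decodes to the instance's internal address and port 51064, which is outside any range opened in the security group; after the configuration change the reply should carry the external address and a port inside the range.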

And you will have a working server. Now here comes the fun part: unless you allocate this an elastic IP address, if you shut this server down you will get a new IP address. ARRRGGHHHH

OK, with a little bit of bash this is not that hard to do.

First copy the vsftpd.conf file to a different location. I have kept this in the /etc/vsftpd directory.

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd_org.conf

You must remember to change the vsftpd_org.conf file if you change any of the settings.

Now we need to edit the vsftpd file in the init.d directory

vi /etc/init.d/vsftpd

Find the line that starts

start() {
# Start daemons.

and insert the following lines
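# Ask the EC2 instance metadata service for the current public IP
ipaddress=`curl -s http://169.254.169.254/latest/meta-data/public-ipv4`

# Rebuild vsftpd.conf from the saved copy
rm -f /etc/vsftpd/vsftpd.conf
cp /etc/vsftpd/vsftpd_org.conf /etc/vsftpd/vsftpd.conf

echo 'pasv_enable=YES' >> /etc/vsftpd/vsftpd.conf
echo 'port_enable=YES' >> /etc/vsftpd/vsftpd.conf
# Double quotes so that $ipaddress is expanded
echo "pasv_address=$ipaddress" >> /etc/vsftpd/vsftpd.conf
# The port range must match the range opened in the security group
echo 'pasv_min_port=12000' >> /etc/vsftpd/vsftpd.conf
echo 'pasv_max_port=12100' >> /etc/vsftpd/vsftpd.conf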

This will set the .conf file when the service is started.

 

More to come for the PureFTP configuration also; same idea, in that you need to specify ports for the PASV connection.

Alistair


2 Comments on “FTP server configuration Amazon EC2”

  1. Alvin Mites says:

    Thank you for the pointers on the pasv_ settings — saved me bunches of time

