Have you installed VSFTP in your OpenStack or Amazon EC2 VM and are you getting errors such as “Entering passive mode…connection failed”? If yes, then you have landed on the right page. This tutorial will help you fix the FTP passive mode problem on VMs started in the OpenStack cloud middleware and in Amazon EC2.
This error is common in FTP clients (such as WinSCP or FileZilla) that use passive mode. The FTP command-line tool, for instance, will not have any problem and should work normally.
To fix this error, follow the steps below.
How to Fix FTP passive mode problem in VMs
Step 1: First of all, you need to edit the vsftpd configuration file and enable passive mode. It’s also necessary to set the port range for the passive mode to work.
# vim /etc/vsftpd.conf
and add the lines below.
pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321
port_enable=YES
Step 2: The FTP server listens on the VM’s private IP address even though a publicly accessible IP address is associated with it (called a Floating IP in OpenStack and an Elastic IP in Amazon EC2). So, you may need to add the lines below so that the server advertises the publicly accessible IP address to passive-mode clients.
pasv_address=<publicly-accessible-ip-or-floating-ip-or-elastic-ip>
pasv_addr_resolve=NO
Step 3: Allow the FTP port and the passive mode port range in the security group configuration of the OpenStack or EC2 instance.
For example:
- Log in to the OpenStack dashboard
- Click on “Access & Security” under the COMPUTE section.
- Click the “MANAGE RULES” button located in the corresponding security group.
- On the next page, you can add new rules (ADD RULE button) to allow inbound TCP traffic on port 21 and the passive mode port range.
In Amazon EC2, you need to dig into the management console and authorize port 21 and the passive mode port range as shown below.
ec2-authorize default -p 21
ec2-authorize default -p 64000-64321
Step 4: Restart the VSFTP service.
# service vsftpd restart
Step 5: Finally, try using any FTP client to connect to the server running on a VM and it should work without any problem.
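To confirm the fix, look at the server's 227 reply in the FTP client's message log. The Python sketch below is an added example, not part of the original tutorial: it parses that reply and reports a private address or a port outside the range set in Step 1. The two sample replies and the 203.0.113.10 address are constructed placeholders.

```python
import ipaddress
import re

# RFC 1918 ranges; a PASV reply carrying one of these is unreachable from outside the cloud.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Parse vsftpd.conf key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def parse_pasv(reply):
    """Return (ip, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        raise ValueError("octet out of range: %r" % reply)
    return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]

def diagnose(reply, conf):
    """List the reasons an outside client could not open the data connection."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append("private address %s advertised; set pasv_address" % ip)
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if not (lo and hi):
        problems.append("pasv_min_port/pasv_max_port not set")
    elif not lo <= port <= hi:
        problems.append("port %d outside configured range %d-%d" % (port, lo, hi))
    return problems

# Constructed sample data: the settings from Step 1 and two made-up server replies.
CONF = parse_conf("pasv_enable=YES\npasv_min_port=64000\npasv_max_port=64321\n")
BEFORE = "227 Entering Passive Mode (10,0,0,5,250,12)."     # private IP, port 64012
AFTER = "227 Entering Passive Mode (203,0,113,10,250,12)."  # placeholder public IP

if __name__ == "__main__":
    for label, reply in (("before", BEFORE), ("after", AFTER)):
        print(label, parse_pasv(reply), diagnose(reply, CONF) or "ok")
```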