Fix FTP Passive Mode problem on OpenStack & EC2 VMs
- Tuesday, May 16, 2017 By David Peter
Have you installed VSFTP on your OpenStack or Amazon EC2 VM and are now getting errors such as “Entering passive mode…connection failed”? If so, you have landed on the right page. This tutorial will help you fix the FTP passive mode problem on VMs started in OpenStack cloud middleware and in Amazon EC2.
This error is common in FTP clients (such as WinSCP or FileZilla) that use passive mode. The FTP command line tool, for instance, will not have any problem and should work normally.
To fix this error, follow the steps below.
How to Fix FTP passive mode problem in VMs
Step 1: First, edit the vsftpd configuration file and enable passive mode. You also need to set a port range for passive mode to work.
# vim /etc/vsftpd.conf
and add the below lines.
pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321
port_enable=YES
Step 2: The FTP server will listen on the VM’s private IP address in spite of having a publicly accessible IP address associated with it (called a Floating IP in OpenStack and an Elastic IP in Amazon EC2). So, you may need to add the below lines to resolve the publicly accessible IP address.
Step 3: Allow the FTP port and the passive mode port range in the security group configuration of your OpenStack or EC2 instances.
- Log in to the OpenStack dashboard.
- Click on “Access & Security” under the COMPUTE section.
- Click the “MANAGE RULES” button located in the corresponding security group.
- On the next page, use the ADD RULE button to add rules that allow inbound TCP on port 21 and on the passive mode port range.
In Amazon EC2, you need to dig into the management console and authorize port 21 and the passive mode port range as shown below.
ec2-authorize default -p 21
ec2-authorize default -p 64000-64321
Step 4: Restart the VSFTP service.
# service vsftpd restart
Step 5: Finally, try using any FTP client to connect to the server running on a VM and it should work without any problem.
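An added example, not part of the original post: a Python check of the two conditions that Steps 1 and 2 address, namely that the data port in the server's 227 reply falls inside the configured passive range and that the advertised address is not an RFC 1918 private one. The sample replies, the addresses 10.0.0.5 and 203.0.113.10, and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input (not from the original post). 10.0.0.5 stands in for
# the VM's private address, 203.0.113.10 for its floating/Elastic IP.
SAMPLE_CONF = "pasv_enable=YES\npasv_min_port=64000\npasv_max_port=64321\nport_enable=YES\n"
REPLY_PRIVATE = "227 Entering Passive Mode (10,0,0,5,250,10)."
REPLY_PUBLIC = "227 Entering Passive Mode (203,0,113,10,250,10)."
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_conf(text):
    """Return vsftpd key=value settings, skipping blank and comment lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def parse_pasv_reply(reply):
    """Extract (ip, port) from a 227 reply; port = p1 * 256 + p2 (RFC 959)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range: %r" % reply)
    return ipaddress.ip_address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def diagnose(conf_text, reply):
    """List reasons an external client could not open the data connection."""
    conf = parse_conf(conf_text)
    ip, port = parse_pasv_reply(reply)
    low, high = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    problems = []
    if conf.get("pasv_enable", "YES").upper() != "YES":
        problems.append("pasv_enable is not YES")
    if any(ip in net for net in RFC1918):
        problems.append("server advertises private address %s" % ip)
    if not (low and high and low <= port <= high):
        problems.append("data port %d is outside pasv range %d-%d" % (port, low, high))
    return problems


if __name__ == "__main__":
    for reply in (REPLY_PRIVATE, REPLY_PUBLIC):
        print(reply, "->", diagnose(SAMPLE_CONF, reply) or "ok")
```

To use it against a real server, paste the 227 line shown in the FTP client's log and the contents of /etc/vsftpd.conf in place of the constructed samples.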