vsftpd client not working from Amazon EC2 server


Ajay Mandera

Mar 4, 2014, 9:53:35 AM
to vg...@googlegroups.com
Hi All,

I have set up a vsftpd server on Ubuntu 13.04, which is hosted on linode.com. Now I am trying to connect (as an FTP client) from one Windows EC2 instance and one Ubuntu EC2 instance running on Amazon; both are giving me the errors "500 Illegal PORT command" and "425 Use PORT or PASV first".

I am able to log in with my credentials, but when I run any command it throws the same message.
I am able to send and receive files via FTP from my office. All firewalls are disabled right now.

I checked the log file but it has only a record of the login.

I need suggestions on what to do to solve this problem.




Regards,
Ajay Mandera

Tejas Barot

Mar 6, 2014, 3:43:31 AM
to VGLUG
Hello,


On Tue, Mar 4, 2014 at 8:23 PM, Ajay Mandera <am6...@gmail.com> wrote:
> Hi All,
>
> I have set up a vsftpd server on Ubuntu 13.04, which is hosted on linode.com. Now I am trying to connect (as an FTP client) from one Windows EC2 instance and one Ubuntu EC2 instance running on Amazon; both are giving me the errors "500 Illegal PORT command" and "425 Use PORT or PASV first".

I was getting the same kind of issue a few days back.

Try adding the following lines to /etc/vsftpd/vsftpd.conf:

pasv_enable=YES
port_enable=YES
pasv_min_port=4900
pasv_max_port=4910
pasv_address=<server-live-ip>

service vsftpd restart

Also add the passive ports (4900-4910) to the security/firewall group from the EC2 instance's web console.

Hope it will help you. 
 


--
Thanks & Regards,
Tejas Barot
Linux Consultant,
Red Hat Certified Engineer,
Linux Blog:- http://www.tejasbarot.com
Facebook :-  http://www.fb.me/tejasbarot.official
Facebook Page :- http://www.fb.me/AllLinuxUsersBlog
Twitter :- https://twitter.com/imtejasbarot
LinkedIn :- http://in.linkedin.com/in/imtejasbarot

Ajay Mandera

Mar 6, 2014, 11:59:55 PM
to vg...@googlegroups.com
Thanks for the reply.

I had done this before, and I think if my server is on Amazon then this should definitely work, because Amazon might create a problem of internal and external IP, but my server is on Linode and the FTP client is running on Amazon.

Also, I have opened all ports from the Amazon web console and the Windows firewall. I have doubts about the Windows firewall; I haven't worked with Windows before, so I can't identify the problem.

Regards,
Ajay

Tejas Barot

Mar 7, 2014, 12:06:56 AM
to VGLUG
Hello,

On Fri, Mar 7, 2014 at 10:29 AM, Ajay Mandera <am6...@gmail.com> wrote:
> Thanks for the reply.
>
> I had done this before, and I think if my server is on Amazon then this should definitely work, because Amazon might create a problem of internal and external IP, but my server is on Linode and the FTP client is running on Amazon.

Yes, Amazon creates the problem as you mentioned, agreed.

> Also, I have opened all ports from the Amazon web console and the Windows firewall. I have doubts about the Windows firewall; I haven't worked with Windows before, so I can't identify the problem.

If you have doubts about the Windows Firewall, you can disable it for a while to test where exactly the issue is; it's not recommended on live servers though!
 

Alok Thaker

Mar 7, 2014, 12:16:19 AM
to VGLUG
Hi,

Paste or attach your vsftpd.conf file here. Also, what parameters have you changed in the file?

Thanks & Regards,
Alok



Ajay Mandera

Mar 7, 2014, 12:55:09 AM
to vg...@googlegroups.com
Below is my vsftpd.conf on the server:


# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
chroot_local_user=YES
chown_username=ajay
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/home/ajay/
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
#secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
seccomp_sandbox=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allowed_users
guest_enable=YES
local_root=/home/vftp/
pasv_enable=YES
pasv_min_port=4000
pasv_max_port=4600
port_enable=YES
pasv_address=x.x.x.x<server-ip>
allow_writeable_chroot=YES


Hope this helps if I have made some mistake in the conf file.
I have set ports 4000-4600 as the passive ports for a test on the server, and on the client side I have opened the same ports. I have also changed the dynamic port range of Windows from 49152-65535 to 4000-4700, because on the client side the command channel and data channel use dynamic ports in Windows.


Regards,
Ajay

Ajay Mandera

Mar 7, 2014, 1:02:51 AM
to vg...@googlegroups.com
This is a test server so I have disabled the firewall; still the same response.


Regards,
Ajay

Ajay Mandera

Mar 8, 2014, 4:39:09 AM
to vg...@googlegroups.com
Hi,

Today, in the log file I saw that the Windows FTP client (from Amazon) sends its internal IP and port to the Ubuntu server.
In the server's vsftpd log file I found:

"FTP command: Client "54.X.X.X", "PORT 172,X,X,X,19,36"

where 54.x.x.x is the external IP and 172.x.x.x is the internal IP of the Windows client on Amazon.

So I think the problem is the issue of internal and external IP.

Can I configure my FTP client to use one particular IP?


Regards,
Ajay
--
Ajay Mandera
System Administrator
Plus91 Technologies Private Limited
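
Added example (not part of the original posts): a small Python audit of vsftpd-style "FTP command" log lines that decodes each PORT argument (h1,h2,h3,h4,p1,p2, port = p1*256 + p2) and compares the advertised address with the control connection's source, which is the mismatch described in the post above. The sample log lines are constructed with placeholder addresses, and the function names, verdict labels and the under-1024 port check are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample lines in the shape quoted in the thread; the addresses
# are documentation/private placeholders, not values from the original post.
SAMPLE_LOG = '''\
FTP command: Client "203.0.113.10", "PORT 172,31,5,9,19,36"
FTP command: Client "198.51.100.7", "PORT 198,51,100,7,195,80"
FTP command: Client "198.51.100.7", "PORT 198,51,100,7,0,21"
FTP command: Client "198.51.100.7", "PORT 198,51,100,7,300,1"
'''

PORT_RE = re.compile(r'Client "([0-9.]+)", "PORT ((?:\d{1,3},){5}\d{1,3})"')


def decode_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = [int(f) for f in arg.split(",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        raise ValueError("malformed PORT argument: " + arg)
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return host, fields[4] * 256 + fields[5]


def audit(log_text):
    """Return (peer, advertised_host, port, verdict) for every PORT command."""
    findings = []
    for m in PORT_RE.finditer(log_text):
        peer = ipaddress.IPv4Address(m.group(1))
        try:
            host, port = decode_port_arg(m.group(2))
        except ValueError:
            findings.append((str(peer), None, None, "malformed"))
            continue
        if host != peer:
            # A client behind NAT advertises its private address here.
            verdict = "nat-private-address" if host.is_private else "address-mismatch"
        elif port < 1024:  # assumed policy: no data connections to low ports
            verdict = "privileged-port"
        else:
            verdict = "ok"
        findings.append((str(peer), str(host), port, verdict))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

For the argument shape in the quoted log line, the last two fields 19,36 decode to port 4900.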

Tejas Barot

Mar 8, 2014, 11:18:37 AM
to VGLUG
Hi Ajay,


On Sat, Mar 8, 2014 at 3:09 PM, Ajay Mandera <am6...@gmail.com> wrote:
> Hi,
>
> Today, in the log file I saw that the Windows FTP client (from Amazon) sends its internal IP and port to the Ubuntu server.
> In the server's vsftpd log file I found:

Which FTP client are you using?

> "FTP command: Client "54.X.X.X", "PORT 172,X,X,X,19,36"
>
> where 54.x.x.x is the external IP and 172.x.x.x is the internal IP of the Windows client on Amazon.
>
> So I think the problem is the issue of internal and external IP.

Have you tried to connect to FTP from any other client than the Amazon one?

> Can I configure my FTP client to use one particular IP?

If you have FileZilla, then FileZilla has a few options where you can tell the FTP client (FileZilla) to connect using a provided IP, which you can try by putting in your Amazon public IP.

In Linux it's under Settings; it may be the same for Windows.

Hope this helps you.

Bhushan

Mar 9, 2014, 10:12:54 AM
to vg...@googlegroups.com
Hi Ajay,

> Today, in the log file I saw that the Windows FTP client (from Amazon) sends its internal IP and port to the Ubuntu server.
> In the server's vsftpd log file I found:
>
> "FTP command: Client "54.X.X.X", "PORT 172,X,X,X,19,36"
>
> where 54.x.x.x is the external IP and 172.x.x.x is the internal IP of the Windows client on Amazon.

The problem which you mentioned here can be solved by changing the pasv_address parameter in vsftpd.conf, which is already configured in your case. First verify that the IP address configured as the value is correct and is the external live IP address.

Now if the configuration is right then there might be some problem with the FTP server. Please give us the version of the FTP server which you are using with Ubuntu. There were some specific FTP servers where this option was not working even though it was configured in vsftpd.conf.

Please check the thread below, which shows one version problem.
http://marc.info/?l=freebsd-ports&m=125093714401480

Regards,
Bhushan Karia

Ajay Mandera

Mar 10, 2014, 3:48:02 AM
to vg...@googlegroups.com
Thanks all for continuing to look into the issue.

Tejasbhai,
I tried with FileZilla last Saturday, with the settings you described in your reply, and it works fine, but it does not work for the Windows FTP client (C:\Windows\System32\ftp.exe). My application needs the command prompt and runs the ftp command through it. That's why I was asking: is there any way to change the IP which the OS directly knows, and send the FTP request from that IP address?

Bhushan Sir,
My vsftpd version is 3.0.2 and Ubuntu is 13.04.
I tested on other machines (from my office and from another VPS) and it works fine, but the problem happens with Amazon EC2.


Regards,
Ajay



Tejas Barot

Mar 10, 2014, 10:27:07 AM
to VGLUG
Hi Ajay,

You want it from the Windows command prompt, right?

I'll find out a way and will post it here.


am6...@gmail.com

Mar 10, 2014, 11:11:07 AM
to vg...@googlegroups.com
Yes Tejasbhai.

Thanks,
Ajay
