onkar

Reputation: 1189

vsftpd error Listing Directories

I installed vsftpd on an Amazon EC2 Fedora instance, and it is the latest version, but I am getting the error:

In CuteFTP:

COMMAND:> PASV
227 Entering Passive Mode (192,168,10,46,14,20)
COMMAND:> LIST
ERROR:> Can’t connect to remote server. Socket error = #10065.
ERROR:> PASV failed, trying PORT.

In FileZilla:

Command: PASV
Response: 227 Entering Passive Mode (192,168,10,46,14,20)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing.

Connecting through the shell does show me the list of directories.

Upvotes: 31

Views: 96868

Answers (7)

longda

Reputation: 10423

Just had this same exact issue... this typically only affects GUI FTP clients that use passive mode (which is pretty common). For instance, when using the standard ftp command line tool, I was able to successfully log in and upload files to my FTP server.

The steps to correct are:

  1. Add the following settings to your /etc/vsftpd.conf file:

    pasv_enable=YES
    pasv_min_port=64000
    pasv_max_port=64321
    port_enable=YES

  2. Also add one of the following config chunks to your /etc/vsftpd.conf file, based on your situation (either way, this needs to resolve to a publicly accessible IP):

a:

    pasv_address=<your-static-ip-most-likely-from-elastic-ips>
    pasv_addr_resolve=NO

-OR-

b:

    pasv_address=<your-publicly-resolvable-host-name>
    pasv_addr_resolve=YES

  3. In your security group configuration for EC2 instances, add the following custom inbound TCP rules:

  • Enable ports 20-21 for standard FTP
  • Enable your passive ports as defined in the config sections above (I used 64000-64321)

  4. Restart your vsftpd service (varies depending on your flavor of Linux)

Note: the pasv port range should be visible from outside the firewall/NAT.


Upvotes: 71

sailfish009

Reputation: 2929

If you have a configuration like the one below in vsftpd.conf:

pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321

try opening the firewall:

# yum install -y epel-release
# yum install -y ufw
# sudo ufw allow from any to any proto tcp port 64000:64321

sudo iptables -A INPUT -p tcp --dport 64000:64321 -j ACCEPT

Upvotes: 0

Nabeel Khan

Reputation: 3983

Error: failed to retrieve directory listing on Amazon EC2 can be fixed by simply changing the transfer mode to active.

This post explains how to get it done easily using FileZilla:

https://nabtron.com/error-while-connecting-to-amazon-ec2-via-ftp-solution/

Upvotes: 20

Pramod Waikar

Reputation: 95

This works for me:

Below is the configuration in /etc/vsftpd.conf:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=ftp
pasv_enable=YES
pasv_min_port=13000
pasv_max_port=13100
port_enable=YES
pasv_address=AWS-IP-Address
pasv_addr_resolve=no

Save and restart the service:

$ sudo service vsftpd restart

Open the ports below in the security group:

  • custom TCP 20 from 0.0.0.0/0
  • custom TCP 21 from 0.0.0.0/0
  • custom TCP 13000 from 0.0.0.0/0
  • custom TCP 13100 from 0.0.0.0/0

You may get the error below while connecting from the FileZilla FTP client:

Error:  Connection timed out
Error:  Failed to retrieve directory listing

To resolve this:

  • Open FileZilla, go to Edit -> Settings
  • Click on Connection -> FTP: Choose Active
  • Click on Connection -> FTP -> Active Mode: Select "Ask your operating system for the external IP address"
  • Click on Connection -> FTP -> Passive Mode: Choose Fall Back to Active Mode
  • Press OK.

Try connecting to your FTP site once again.

Upvotes: 3

Alex

Reputation: 41

With version vsftpd-3.0.2-1.el5.x86_64.rpm, the following settings helped for me:

pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321
port_enable=YES
pasv_address=<your-static-ip-most-likely-from-elastic-ips>
pasv_addr_resolve=NO

Thanks to longda!

Upvotes: 4

TheDeveloper

Reputation: 422

You want to use passive mode if possible. As I said in the article Bucho linked to, you just have to define a port range for PASV mode and open that range in your EC2 security group.

Upvotes: 0

Bucho

Reputation: 27

Look at this thread:

http://www.gosquared.com/liquidicity/archives/936

Upvotes: 1
