Tuesday, March 15, 2011

How to install an FTP Server on Amazon AWS EC2

This seems to be a big issue as people usually waste a lot of time on this.

The problem lies with 2 elements: the security group settings and the FTP server settings.

FTP is not considered a good solution for passing files between EC2 instances and your computer because it is not firewall "friendly". You can't just open port 21/TCP in the Amazon security group settings: the server is actually sitting on a NAT address, and when an FTP client connects to an FTP server using PASV mode, the server tells the client which port and which address to use for the data stream (like a directory listing).

If you want an easy alternative for transferring files between yourself and the EC2 instance, then set up Dropbox on both machines - it doesn't get easier than this... :)

If you still want to set up an FTP server on your EC2 instance then read on...

Typically, people just try to open port 21 and then try to connect and get something similar to:

Status:    Server sent passive reply with unroutable address. Using server address instead.
Command:    MLSD
Response:    425 Can't open data connection.

The solution is (and for this example I will explain how to perform the setting on FileZilla FTP server on Windows):
0. Install an FTP server on your Amazon instance. For this example I will be using FileZilla FTP server. Just download it (google it) and do next->next->next .... until it is finished.

1. Open FileZilla FTP server: Edit -> settings -> Passive mode settings:
 (x) Retrieve external IP from:
       http://ip.filezilla-project.org/ip.php
[ This tells the FTP server to perform a 'whatismyip' lookup and give the result to the FTP client. You can also put the DNS name you use for your remote desktop connection in "Use the following IP:", e.g., ec2-6-100-129-60.compute-1.amazonaws.com ]

(x) Use custom port range:
1024-1048

[ These are the ports that will be given to the FTP client - we will open them in the firewall in the following step ]

2. Amazon security groups: open ports -
   a. Custom TCP rule, Port range: 21
   b. Custom TCP rule, Port range: 1024-1048

3. Turn off the Windows firewall on the EC2 machine (you don't need it - you have the Amazon firewall)

That's it. Just as a side note, you don't need to use the Elastic IP feature for this to work.
Also, don't forget to set your client to use PASV mode (which is typically the default).

You can verify this works by reading the answer the server gives the client when it enters PASV mode:

Command:    PASV
Response:    227 Entering Passive Mode (174,149,71,102,4,7)

This response means: "Yo FTP client, use 174.149.71.102 and port 4*256+7=1031"
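
The verification step above can be scripted. The following Python is an added example, not part of the original post: it decodes a 227 reply and checks it against the settings from steps 1 and 2. The function names `parse_pasv` and `check_pasv` are hypothetical, and the second and third sample replies are constructed.

```python
import ipaddress
import re

# Passive port range from step 1 (FileZilla "Use custom port range"),
# which must match the range opened in the security group in step 2.
PASV_PORTS = range(1024, 1048 + 1)

_PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply; raise ValueError otherwise."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in: %r" % reply)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def check_pasv(reply, ports=PASV_PORTS):
    """Return (addr, port, problems) as seen by a client outside EC2."""
    addr, port = parse_pasv(reply)
    problems = []
    if not addr.is_global:
        # The NAT case from the post: the server advertised its internal address.
        problems.append("unroutable address %s" % addr)
    if port not in ports:
        # The data connection would be dropped by the security group.
        problems.append("port %d outside %d-%d" % (port, ports[0], ports[-1]))
    return addr, port, problems


if __name__ == "__main__":
    samples = [
        "227 Entering Passive Mode (174,149,71,102,4,7)",     # reply quoted in the post
        "227 Entering Passive Mode (10,0,0,12,4,7)",          # constructed: private address
        "227 Entering Passive Mode (174,149,71,102,19,136)",  # constructed: port 5000
    ]
    for s in samples:
        addr, port, problems = check_pasv(s)
        print(addr, port, problems or "ok")
```

An empty problem list means the advertised address is publicly routable and the data port falls inside the range opened in the security group.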

20 comments:

  1. Great post....thank you. Could you please recommend a good book to learn Amazon AWS? I want to understand how to deploy my existing php website on Amazon EC2/AWS and add/remove boxes when needed.

  2. I haven't seen a good book about the subject - part of the reason would probably be that they are very dynamic and change very fast in AWS.
    If you want to install PHP there, I usually install IIS there (I have another blog post on that - although today it is easier to add IIS) and add the PHP module to it so I can have aspx and PHP on the site together.

  3. And if you are a total plonker (like myself) don't forget to allow the ports through Windows Firewall (When using FileZilla)

    Thanks for the post.

    Rich

  4. You are very correct, Rich. I just shut down the Windows firewall because Amazon has their own firewall...

  5. guess you skipped the install part.

  6. Oops :), okay, too obvious for me ... step 0: run the FileZilla server installation, do next next next, open the administration console.

  7. Hi, I'm having this problem.

    Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
    Error: Could not connect to server

    Do you know why?

    Replies
    1. I've had this before because I accidentally inserted something at the top of my configuration file. If you are running Linux, type: sudo vsftpd
      and you will see the error.

  8. Thank you thedrs!
    What about Linux instances?

  9. Thank you, this helped a lot!

  10. Very helpful post. How do you setup Dropbox on a Linux EC2 host?

  11. Note that using DropBox on EC2 can be expensive. Dropbox uses a ton of I/O, especially if you are constantly updating files.

  12. Great post, really saved me! Thanks man!!!

  13. worked first time - thanks!

  14. Thank you, now FTP is working.

  15. Super helpful, thanks! I was trying all kinds of settings that didn't seem to help, and your post made me realize that it was the Windows Server firewall that was causing the problem (additional ports for passive mode weren't open in the Windows firewall, even though I had opened them in the AWS security group).

  16. One of the biggest challenges that organizations face today is having inaccurate data and being unresponsive to the needs of the Amazon AWS Users Email List organization.

