I have set up AWS Transfer Family using an NLB, VPC, subnet, etc. I can connect, authenticate, and attempt to list the "directory", but it times out when trying to list.
FileZilla debug
10:29:36 Status: Connection established, waiting for welcome message...
10:29:36 Trace: CFtpControlSocket::OnReceive()
10:29:36 Response: 220 Service ready for new user.
10:29:36 Trace: CFtpLogonOpData::ParseResponse() in state 1
10:29:36 Trace: CControlSocket::SendNextCommand()
10:29:36 Trace: CFtpLogonOpData::Send() in state 2
10:29:36 Command: AUTH TLS
10:29:36 Trace: CFtpControlSocket::OnReceive()
10:29:36 Response: 431-Welcome to the Epic CleanTec FTP server
10:29:36 Response: 431 Service is unavailable.
10:29:36 Trace: CFtpLogonOpData::ParseResponse() in state 2
10:29:36 Trace: CControlSocket::SendNextCommand()
10:29:36 Trace: CFtpLogonOpData::Send() in state 3
10:29:36 Command: AUTH SSL
10:29:36 Trace: CFtpControlSocket::OnReceive()
10:29:36 Response: 431 Service is unavailable.
10:29:36 Trace: CFtpLogonOpData::ParseResponse() in state 3
10:29:36 Status: Insecure server, it does not support FTP over TLS.
10:29:36 Trace: CControlSocket::SendNextCommand()
10:29:36 Trace: CFtpLogonOpData::Send() in state 5
10:29:36 Trace: CFtpControlSocket::SetAsyncRequestReply
10:29:36 Trace: CControlSocket::SendNextCommand()
10:29:36 Trace: CFtpLogonOpData::Send() in state 6
10:29:36 Command: USER ECT_FTP_User
10:29:36 Trace: CFtpControlSocket::OnReceive()
10:29:36 Response: 331 User name okay, need password for ECT_FTP_User.
10:29:36 Trace: CFtpLogonOpData::ParseResponse() in state 6
10:29:36 Trace: CControlSocket::SendNextCommand()
10:29:36 Trace: CFtpLogonOpData::Send() in state 6
10:29:36 Command: PASS ****************
10:29:38 Trace: CFtpControlSocket::OnReceive()
10:29:38 Response: 230 User logged in, proceed.
10:29:38 Trace: CFtpLogonOpData::ParseResponse() in state 6
10:29:38 Trace: CControlSocket::SendNextCommand()
10:29:38 Trace: CFtpLogonOpData::Send() in state 10
10:29:38 Command: OPTS UTF8 ON
10:29:38 Trace: CFtpControlSocket::OnReceive()
10:29:38 Response: 200 Command OPTS okay.
10:29:38 Trace: CFtpLogonOpData::ParseResponse() in state 10
10:29:38 Trace: CControlSocket::SendNextCommand()
10:29:38 Trace: CFtpLogonOpData::Send() in state 13
10:29:38 Command: OPTS MLST size;modify;type;
10:29:38 Trace: CFtpControlSocket::OnReceive()
10:29:38 Response: 200 Command OPTS okay.
10:29:38 Trace: CFtpLogonOpData::ParseResponse() in state 13
10:29:38 Status: Logged in
10:29:38 Trace: Measured latency of 513 ms
10:29:38 Trace: CFtpControlSocket::ResetOperation(0)
10:29:38 Trace: CControlSocket::ResetOperation(0)
10:29:38 Trace: CFtpLogonOpData::Reset(0) in state 15
10:29:38 Trace: CFileZillaEnginePrivate::ResetOperation(0)
10:29:38 Trace: CControlSocket::SendNextCommand()
10:29:38 Trace: CFtpListOpData::Send() in state 0
10:29:38 Status: Retrieving directory listing of "/epiccleantec-data"...
10:29:38 Trace: CFtpChangeDirOpData::Send() in state 0
10:29:38 Trace: CFtpChangeDirOpData::Send() in state 2
10:29:38 Command: CWD /epiccleantec-data
10:29:39 Trace: CFtpControlSocket::OnReceive()
10:29:39 Response: 250 Directory changed to /epiccleantec-data
10:29:39 Trace: CFtpChangeDirOpData::ParseResponse() in state 2
10:29:39 Trace: CFtpControlSocket::ResetOperation(0)
10:29:39 Trace: CControlSocket::ResetOperation(0)
10:29:39 Trace: CFtpChangeDirOpData::Reset(0) in state 2
10:29:39 Trace: CFtpListOpData::SubcommandResult(0) in state 1
10:29:39 Trace: CControlSocket::SendNextCommand()
10:29:39 Trace: CFtpListOpData::Send() in state 2
10:29:39 Trace: CFtpRawTransferOpData::Send() in state 0
10:29:39 Trace: CFtpRawTransferOpData::Send() in state 1
10:29:39 Command: TYPE I
10:29:39 Trace: CFtpControlSocket::OnReceive()
10:29:39 Response: 200 Command TYPE okay.
10:29:39 Trace: CFtpRawTransferOpData::ParseResponse() in state 1
10:29:39 Trace: CControlSocket::SendNextCommand()
10:29:39 Trace: CFtpRawTransferOpData::Send() in state 2
10:29:39 Command: PORT 192,168,0,41,226,182
10:29:39 Trace: CFtpControlSocket::OnReceive()
10:29:39 Response: 502 Command PORT not implemented.
10:29:39 Trace: CFtpRawTransferOpData::ParseResponse() in state 2
10:29:39 Trace: CControlSocket::SendNextCommand()
10:29:39 Trace: CFtpRawTransferOpData::Send() in state 2
10:29:39 Command: PASV
10:29:39 Trace: CFtpControlSocket::OnReceive()
10:29:39 Response: 227 Entering Passive Mode (54,176,120,190,32,2)
10:29:39 Trace: CFtpRawTransferOpData::ParseResponse() in state 2
10:29:39 Trace: CControlSocket::SendNextCommand()
10:29:39 Trace: CFtpRawTransferOpData::Send() in state 4
10:29:39 Trace: Binding data connection source IP to control connection source IP 192.168.0.41
10:29:39 Command: MLSD
10:29:39 Trace: CFtpControlSocket::OnReceive()
10:29:39 Response: 150
10:29:39 Trace: CFtpRawTransferOpData::ParseResponse() in state 4
10:29:39 Trace: CControlSocket::SendNextCommand()
10:29:39 Trace: CFtpRawTransferOpData::Send() in state 5
10:30:00 Error: The data connection could not be established: ETIMEDOUT - Connection attempt timed out
10:30:00 Trace: CTransferSocket::TransferEnd(3)
WinSCP log
2023-11-20 10:42:29.917 Using FTP protocol.
. 2023-11-20 10:42:29.917 Doing startup conversation with host.
> 2023-11-20 10:42:29.933 PWD
< 2023-11-20 10:42:29.964 257 "/" is current directory.
. 2023-11-20 10:42:29.964 Got reply 1 to the command 16
. 2023-11-20 10:42:29.964 Getting current directory name.
. 2023-11-20 10:42:29.993 Session upkeep
. 2023-11-20 10:42:29.993 Retrieving directory listing...
> 2023-11-20 10:42:29.993 TYPE A
< 2023-11-20 10:42:30.026 200 Command TYPE okay.
> 2023-11-20 10:42:30.027 PASV
< 2023-11-20 10:42:30.079 227 Entering Passive Mode (54,176,120,190,32,6)
> 2023-11-20 10:42:30.079 MLSD
. 2023-11-20 10:42:30.079 Connecting to 54.176.120.190:8198 ...
< 2023-11-20 10:42:30.114 150
. 2023-11-20 10:42:45.656 Timeout detected. (data connection)
. 2023-11-20 10:42:45.656 Could not retrieve directory listing
. 2023-11-20 10:42:45.656 Got reply 1004 to the command 2
* 2023-11-20 10:42:45.756 (EFatal) **Lost connection.**
* 2023-11-20 10:42:45.756 Timeout detected. (data connection)
* 2023-11-20 10:42:45.756 Could not retrieve directory listing
* 2023-11-20 10:42:45.756 Error listing directory '/'.
I am not sure why it cannot list the contents of the S3 bucket. This worked when I had it as an SFTP using the same settings, but didn't have an NLB.
From where are you running FileZilla and WinSCP?
According to https://repost.aws/knowledge-center/aws-sftp-endpoint-type a plain FTP endpoint (as opposed to SFTP or FTPS) can only be provisioned in a VPC with internal access over Direct Connect or VPN.
So it would be helpful to know how you are accessing it.
There was another user with a similar (but not identical) question a couple of months ago. Can you check if you are running FileZilla and WinSCP in passive mode? https://repost.aws/questions/QUfyHRwryoTRaQqhtyInAekg/pubblish-ftp-on-the-web
If it's FTP then it has to be non-internet-facing, there wasn't really a choice.
There's discussion of another similar (but again, not identical) question here, and it's worth noting that while port 21 is inbound from the FileZilla machine to AWS Transfer, port 20 is outbound from AWS Transfer. So the routing table & security groups need to be set up to allow that: https://repost.aws/questions/QUZ7vZkxClSZyzC4WwdR5bRQ/host-https-ftp-on-public-internet
I am using an NLB to get around the issue of the dumb choice they made to make this non-internet facing. I am accessing it from the internet via the NLB DNS. I have a listener on 21 which sends the traffic on to the FTP server. I have essentially followed https://artem.services/?p=2086&lang=en (sorry, pasted the wrong blog before)
I have 20-21 open in the SG and ACL to all IPv4.
As well as ports 8192–8200?
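
The check the last reply points at, as an added example that is not part of the original thread: it decodes the `227 Entering Passive Mode` replies from the two client logs into the data endpoint the client must reach and tests that port against a set of opened port ranges. The sample lines are copied from the logs above; the function names and the idea of modelling the security group/ACL as simple port ranges are assumptions made for illustration.

```python
import re

# Constructed sample: the two 227 replies quoted in the client logs above.
SAMPLE_LOG = """\
10:29:39 Response: 227 Entering Passive Mode (54,176,120,190,32,2)
< 2023-11-20 10:42:30.079 227 Entering Passive Mode (54,176,120,190,32,6)
"""

# A 227 reply carries h1,h2,h3,h4,p1,p2 in parentheses.
PASV_RE = re.compile(r"\b227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line has none."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in: {line!r}")
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is the 16-bit value p1*256 + p2.
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def port_allowed(port, ranges):
    """True if port falls inside any inclusive (low, high) range."""
    return any(lo <= port <= hi for lo, hi in ranges)


def audit(log_text, allowed_ranges):
    """List each advertised data endpoint and whether the rules cover its port."""
    results = []
    for line in log_text.splitlines():
        parsed = parse_pasv(line)
        if parsed:
            ip, port = parsed
            results.append((ip, port, port_allowed(port, allowed_ranges)))
    return results


if __name__ == "__main__":
    # Hypothetical rule sets: what the poster opened vs. with the passive range added.
    for label, ranges in [("20-21 only", [(20, 21)]),
                          ("20-21 plus 8192-8200", [(20, 21), (8192, 8200)])]:
        for ip, port, ok in audit(SAMPLE_LOG, ranges):
            print(f"{label}: {ip}:{port} -> {'allowed' if ok else 'BLOCKED'}")
```

Both advertised data ports (8194 and 8198) fall outside 20-21, which matches the data-connection timeouts in the FileZilla and WinSCP logs.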