425 Failed to establish connection. Error EElFTPSError: Invalid server reply


I'm trying to configure an FTP server on an EC2 instance (Amazon Linux 2 AMI). I followed some steps I found online, but I am getting the following error message:

FTP login with username rcmv2
<<<  220 (vsFTPd 3.0.2)
>>>  USER rcmv2
<<<  331 Please specify the password.
>>>  PASS ***********
<<<  230 Login successful.
>>>  FEAT
<<<  211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End
>>>  CWD .
<<<  250 Directory successfully changed.
>>>  PWD
<<<  257 "/"
>>>  CWD /
<<<  250 Directory successfully changed.
>>>  PWD
<<<  257 "/"
Opening directory /...
>>>  PWD
<<<  257 "/"
>>>  CWD /
<<<  250 Directory successfully changed.
>>>  TYPE A
<<<  200 Switching to ASCII mode.
>>>  PASV
<<<  227 Entering Passive Mode (0,0,0,0,4,23).
>>>  LIST
>>>  ABOR
>>>  CWD /
<<<  425 Failed to establish connection.
Error EElFTPSError: Invalid server reply

This is the content of my vsftpd.conf:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=xx.xxx.xxx.xx
user_sub_token=$USER
local_root=/home/$USER/ftp

These are my EC2 instance inbound rules: [screenshot not included]

These are the groups of my FTP user:

# groups rcmv2
rcmv2 : rcmv2 root

The permissions of the /home/rcmv2/ftp directory:

# ls -l
total 0
drwxrwxrwx 3 rcmv2 rcmv2 19 Jul 12 10:14 ftp

The permissions of the /home/rcmv2/ftp/files directory:

# ls -l
total 0
drwxrwxrwx 2 rcmv2 rcmv2 6 Jul 12 10:14 files

The user 'rcmv2' is included in the '/etc/vsftpd/user_list' file. I think it's something related to the permissions. Can someone help me understand what is wrong?

2 Answers

If you are using a self-managed FTP server running on EC2, then AWS won't control the permissions. Rather, you will have to use the documentation of the FTP server to debug. As you rightly mentioned, you will need to ensure all ports required by the FTP server are allowed in the security group of the EC2 instance.

There is an alternative that I can propose: a fully managed FTP service by AWS. Have you looked at AWS Transfer Family? https://aws.amazon.com/aws-transfer-family/

There is a tutorial https://docs.aws.amazon.com/transfer/latest/userguide/getting-started.html that can help you get started.

If you like my answer, please upvote and accept it. Thanks

answered 2 years ago

I solved the issue. It seems the problem was with the firewall. In CentOS 7, to solve this firewall issue first I need to find the zone. Find your zone:

# firewall-cmd --get-active-zones
public
  interfaces: eth0

My zone is 'public', so I set my zone to public, add the port range configured on the vsftp.conf file, and after that just reload:

# firewall-cmd --permanent --zone=public --add-port=1024-1048/tcp
# firewall-cmd --reload

Restarted the vsftp service and it worked.

answered 2 years ago
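
The check behind the fix in the answer above, as an added example that is not part of the original post: it decodes the data port from the `227` reply in the question's log, confirms it falls inside the `pasv_min_port`/`pasv_max_port` range, and tests it against a firewalld port list. The function names are hypothetical and the firewalld port lists are constructed samples; on a real host the third argument would be the output of `firewall-cmd --zone=public --list-ports`.

```shell
#!/bin/sh
# Added example: is the data port from a 227 reply inside vsftpd's passive
# range, and is that port open in firewalld?

# Print the data port from "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
pasv_port() {
    printf '%s\n' "$1" | awk -F'[(),]' '
        /^227 / && NF >= 8 { print $6 * 256 + $7; ok = 1 }
        END { exit !ok }'
}

# Print the value of KEY ($1) from vsftpd.conf text ($2); last setting wins.
conf_value() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }'
}

# Succeed if PORT ($1) is covered by a tcp entry in `firewall-cmd --list-ports`
# output ($2), e.g. "21/tcp 1024-1048/tcp".
port_in_list() {
    printf '%s\n' "$2" | tr ' ' '\n' | awk -F'[-/]' -v p="$1" '
        $NF == "tcp" { lo = $1 + 0; hi = (NF == 3 ? $2 : $1) + 0
                       if (p + 0 >= lo && p + 0 <= hi) found = 1 }
        END { exit !found }'
}

# check_pasv REPLY CONF_TEXT FIREWALL_PORTS -> one-line verdict, status 0 if open
check_pasv() {
    port=$(pasv_port "$1") || { echo "cannot parse 227 reply"; return 2; }
    min=$(conf_value pasv_min_port "$2")
    max=$(conf_value pasv_max_port "$2")
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not set"; return 2
    fi
    if [ "$port" -lt "$min" ] || [ "$port" -gt "$max" ]; then
        echo "port $port is outside pasv range $min-$max"; return 1
    fi
    if ! port_in_list "$port" "$3"; then
        echo "port $port/tcp is in the pasv range but not open in firewalld"; return 1
    fi
    echo "port $port/tcp is in the pasv range and open in firewalld"
}

# Values from the question; the firewalld port lists are constructed samples.
PASV_REPLY='227 Entering Passive Mode (0,0,0,0,4,23).'
CONF_TEXT='pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048'
check_pasv "$PASV_REPLY" "$CONF_TEXT" "21/tcp" || true               # before the fix
check_pasv "$PASV_REPLY" "$CONF_TEXT" "21/tcp 1024-1048/tcp" || true # after the fix
```

The reply in the log decodes to port 1047 (4 × 256 + 23), which lies inside the configured range, so the failed `LIST` is consistent with the range being closed in the host firewall rather than with a vsftpd misconfiguration.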
