ftp error 500 I won't open a connection to private ip but public ip

0

I am trying to connect via FTP from an AWS Windows server to a Linux server with ftp in the command terminal. I am able to log in but unable to load any file there. The error is as below:

    ftp> open x.x.x.x
    Connected to x.x.x.x
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 2 of 50 allowed.
    220-Local time is now 07:39. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    User (x.x.x.x:(none)):
    331 User mysqldesigners OK. Password required

    230 OK. Current restricted directory is /
    ftp> prompt n
    Interactive mode Off .
    ftp> quote PASV
    227 Entering Passive Mode (x,x,x,x,236,118)
    ftp> binary
    200 TYPE is now 8-bit binary
    ftp> cd sqlbackup/SqlServerBackups/daily
    250 OK. Current directory is /sqlbackup/SqlServerBackups/daily
    ftp> mput "c:/SQLServerBackups/SQLDB_BACKUP.7z"
    500 I won't open a connection to x.x.x.x private IP (only to x.x.x.x public IP)

    425 No data connection

I have disabled Windows Firewall and opened port 21 in the AWS security inbound and outbound rules, but there is still the same error. I am able to connect to the FTP location from Windows Explorer on the AWS Windows server without any issue, but in the terminal there is an error. Could someone help me to resolve this error on the AWS Windows server?

Thanks,
Somesh

3 Answers
0

Hi Somesh,

I understand that you are getting an FTP error 500 that won't open a connection to the private IP but only the public IP.

Please make sure that you have attached an Elastic IP to your Windows EC2 instance so that your instance can have a static IP address. In order to attach an Elastic IP to your instance, please refer to reference [1].

To transfer files using a client, see reference [2].

Verify that the application is running properly and is listening on the correct network port. If the application is stopped, start it. 

To accept traffic on a port, an EC2 Windows instance must host an application or service that listens on the specified port. From the EC2 Windows instance that is hosting the service, run the netstat command to display active connections and ports.

References:

[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

[2] https://docs.aws.amazon.com/transfer/latest/userguide/transfer-file.html

I hope this helps.

answered 2 years ago
0

Hi Asenathi,

Thanks for your reply. I have already set an Elastic IP for the Windows instance and am using the Windows built-in ftp client in the Windows command terminal. All necessary ports are open and Windows Firewall is off, but I still get the same error. netstat tells that

    TCP 172.31.23.57:56316 server:ftp ESTABLISHED

Also, I am able to make an FTP connection from Windows Explorer, but the issue is in the terminal with the ftp script. Only then do I get the error.

    C:\Users\Administrator>ftp 1.2.3.4
    Connected to 109.203.108.4.
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 11:17. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    User (1.2.3.4:(none)): abc
    331 User abc OK. Password required
    Password:
    230 OK. Current restricted directory is /
    ftp> pwd
    257 "/" is your current location
    ftp> dir
    500 I won't open a connection to 172.31.23.57 (only to 3.4.5.6)
    425 No data connection
    ftp>

Thanks,
Somesh

answered 2 years ago
0

It looks like you are using an Active mode FTP connection. With Active mode, the server has to connect to the client for a data connection. This is not possible in cases where the client is behind a NAT or firewall. In that case, the client will send its private IP but the server sees the NATed public IP of the client. Try to use a Passive mode connection, where the client will make both the control (port 21) and data connections to the server. You need to configure the Pure-FTPd server to use a predefined passive port range so that you can open those ports in the EC2 Security group ingress.

The following articles have a neat explanation of Active vs Passive FTP.

[1] https://www.jscape.com/blog/active-v-s-passive-ftp-simplified

[2] https://docs.cpanel.net/knowledge-base/ftp/how-to-enable-ftp-passive-mode/

If you are using the EC2 instance only as an FTP server, you may also try the AWS Transfer Family for FTP. This is a managed service and you do not need to configure the FTP server or the instance by yourself. For more details, refer to the following documentation.

https://docs.aws.amazon.com/transfer/latest/userguide/what-is-aws-transfer-family.html

AWS
answered 2 years ago
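
The refusal quoted in the thread, as an added example that is not part of any answer and is not Pure-FTPd's code: a sketch of the server-side comparison between the address announced in an active-mode PORT command and the source address of the control connection, plus decoding of a 227 passive reply. The two client addresses come from the second session above; the port numbers, the 1.2.3.4 passive address and the function names are constructed for illustration.

```python
import ipaddress
import re

def decode_hostport(fields):
    """Decode FTP's h1,h2,h3,h4,p1,p2 form into (ip, port)."""
    nums = [int(f) for f in fields.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("expected six comma-separated octets: %r" % fields)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def parse_pasv_reply(line):
    """Extract (ip, port) from a '227 Entering Passive Mode (...)' reply."""
    m = re.match(r"227 .*?\((\d+(?:,\d+){5})\)", line)
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return decode_hostport(m.group(1))

def check_port_command(command, control_peer_ip):
    """Server-side check on an active-mode PORT command; returns (code, text).

    The data address the client announces must equal the address the
    control connection came from. A client behind NAT announces its
    private address, so the comparison fails and no data connection opens.
    """
    verb, _, args = command.strip().partition(" ")
    if verb.upper() != "PORT":
        return 500, "Unknown command"
    try:
        ip, port = decode_hostport(args)
    except ValueError:
        return 501, "Syntax error in IP address"
    peer = ipaddress.IPv4Address(control_peer_ip)
    if ip != peer:
        return 500, "I won't open a connection to %s (only to %s)" % (ip, peer)
    if port < 1024:  # extra hardening assumed for this sketch
        return 501, "Refusing privileged port"
    return 200, "PORT command successful"

# Constructed commands: private instance address 172.31.23.57 behind the
# public address 3.4.5.6, as in the thread's second session.
NAT_PORT = "PORT 172,31,23,57,219,252"   # what a NATed client announces
DIRECT_PORT = "PORT 3,4,5,6,219,252"     # same client without NAT
PASV_REPLY = "227 Entering Passive Mode (1,2,3,4,236,118)"

if __name__ == "__main__":
    print(check_port_command(NAT_PORT, "3.4.5.6"))
    print(check_port_command(DIRECT_PORT, "3.4.5.6"))
    print(parse_pasv_reply(PASV_REPLY))
```

In passive mode the client connects to the address and port decoded from the 227 reply, so this comparison is never reached; that decoded port must fall inside the passive range opened in the server's firewall or security group.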
