By using AWS re:Post, you agree to the Terms of Use

ftp error 500 I won't open a connection to private ip but public ip

0

I am trying to connect ftp from aws windows server to linux server with ftp in command terminal and I am able to login but unable to load any file there. The error is as below :-- ftp> open x.x.x.x Connected to x.x.x.x 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 2 of 50 allowed. 220-Local time is now 07:39. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. User (x.x.x.x:(none)): 331 User mysqldesigners OK. Password required

230 OK. Current restricted directory is / ftp> prompt n Interactive mode Off . ftp> quote PASV 227 Entering Passive Mode (x,x,x,x,236,118) ftp> binary 200 TYPE is now 8-bit binary ftp> cd sqlbackup/SqlServerBackups/daily 250 OK. Current directory is /sqlbackup/SqlServerBackups/daily ftp> mput "c:/SQLServerBackups/SQLDB_BACKUP.7z" 500 I won't open a connection to x.x.x.x private IP (only to x.x.x.x public IP)

425 No data connection I have disabled windows firewall and opened port 21 in aws security inbound and outbound rules but still there is same error. Although I am able to connect ftp location from windows explorer in aws windows server without any issue but in terminal there is error. Could some one help me to resolve this error at aws windows server. Thanks, Somesh

3 Answers
0

Hi Somesh,

I understand that you are are getting an ftp error 500 that won't open a connection to private ip but only public ip.

Please make sure that you have attached an Elastic IP to your Windows EC2 instance so that your instance can have a static ip address. In order to attach an Elastic Ip to your instance, please refer to the reference [1].

To transfer files using a client, see reference [2].

Verify that the application is running properly and is listening on the correct network port. If the application is stopped, start it. 

To accept traffic on a port, an EC2 Windows instance must host an application or service that listens on the specified port. From the EC2 Windows instance that is hosting the service, run the netstat command to display active connections and ports.

References:

[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

[2] https://docs.aws.amazon.com/transfer/latest/userguide/transfer-file.html

I hope this helps.

answered 2 months ago
0

Hi Asenathi, Thanks for your reply. I have already set elastic IP for the windows instance and using windows built in ftp client in windows command terminal. All necessary ports are open and windows firewall is off but still get the same error. netstat tells that TCP 172.31.23.57:56316 server:ftp ESTABLISHED Also I am able to make ftp connection from windows explorer but the issue is in terminal with ftp script. Only then I get error. C:\Users\Administrator>ftp 1.2.3.4 Connected to 109.203.108.4. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 11:17. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. User (1.2.3.4:(none)): abc 331 User abc OK. Password required Password: 230 OK. Current restricted directory is / ftp> pwd 257 "/" is your current location ftp> dir 500 I won't open a connection to 172.31.23.57 (only to 3.4.5.6) 425 No data connection ftp> Thanks, Somesh

answered 2 months ago
0

It looks like you are using Active mode FTP connection. With Active mode, the server has to connect to the client for a data connection. This is not possible in cases where the client is behind a NAT or Firewall. In that case, the client will send its private IP but the server sees the NATed public IP of the client. Try to use Passive mode connection where client will make both control ( port 21) and data connection to the server. You need to configure the Pure-FTPd server to use a predefined passive port range so that you can open those ports in the EC2 Security group ingress.

Following articles has a neat explanation of Active vs Passive FTP.

[1] https://www.jscape.com/blog/active-v-s-passive-ftp-simplified

[2] https://docs.cpanel.net/knowledge-base/ftp/how-to-enable-ftp-passive-mode/

If you are using the EC2 instance only as a FTP server, you may also try the AWS Transfer Family for FTP. This is a managed service and you do not need to configure the FTP server or the instance by yourself. For more details, refer tof following documentation.

https://docs.aws.amazon.com/transfer/latest/userguide/what-is-aws-transfer-family.html

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions