AWS EC2 Passive FTP - Server sent passive reply with unroutable address. Using server address instead

Code Junkie · Feb 6, 2015 · Viewed 14k times

I have pureftp running on an AWS EC2 instance. I'm trying to get it to run in passive mode, which I thought was working; however, I'm finding it may not be working correctly. I'm receiving the following error in FileZilla:

Status:         Connected
Status:         Retrieving directory listing...
Status:         Server sent passive reply with unroutable address. Using server address instead.
Status:         Directory listing of "/" successful

The odd part is some people are unable to log in while others are.

I have the following pureftp configuration:

Port Range

#Port range for passive connections replies. - for firewalling.

PassivePortRange `50000 50100`

PASV IP

#Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
#Symbolic host names are also accepted for gateways with dynamic IP
#addresses.

ForcePassiveIP            `ftp.mydomain.com` "my cname record is mapped to my ec2 public dns"

When I view the local port range on the server, /proc/sys/net/ipv4/ip_local_port_range, the following are open.

32768   61000

My EC2 security group has ports 50000 - 50100 open.

When I view my server logs I don't see much other than this every once in a while.

Feb  5 08:57:41 ip-172-11-42-52 dhclient[1062]: DHCPREQUEST on eth0 to 172.11.32.1 port 67 (xid=0x601547fd)
Feb  5 08:57:41 ip-172-11-42-52 dhclient[1062]: DHCPACK from 172.11.32.1 (xid=0x601547fd)
Feb  5 08:57:43 ip-172-11-42-52 dhclient[1062]: bound to 172.11.42.52 -- renewal in 1417 seconds.

Anybody have any idea where things might be going wrong?

Answer

lm5050 · Jun 26, 2020

Server sent passive reply with unroutable address. Using server address instead

This solved the error for me to get FTP working on AWS EC2 by adding the following lines to etc/vsftpd.conf:

pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_addr_resolve=YES
pasv_address=XX.XX.XX.XX

XX.XX.XX.XX is set to the elastic IP assigned as the public address for the instance.

Ports in range 1024-1048 and 20-21 created as Custom TCP inbound rules allowing connections from anywhere.

FTP server is running vsftpd on an Ubuntu EC2 accessed with FileZilla client.