Adam Howitt's Blog

Mar 18
2008

PASV mode FTP on Amazon EC2 with VSFTP

I've just spent the better part of an hour bashing my head against an FTP problem with Amazon EC2 so I thought I'd share the answer.

The problem was that active mode FTP kept crashing when I tried to use Beyond Compare to compare my local machine to my Amazon EC2 hosted site. I would get

500 Illegal PORT command

when using active and frequently saw suggestions to use PASV mode instead.

PASV mode on Ubuntu's default VSFTP installation is enabled by default, but the default is to use any available pair of ports to handle passive mode. Since Amazon locks down all ports except those you open manually, my requests were being denied. I don't want to open up all ports on the server for the potential that a client tries to connect on any port.

You can force VSFTP to use a set range of ports for passive support by editing your /etc/vsftpd.conf to specify a port range.  I've used 15393-4 here:

# Passive support
pasv_min_port=15393
pasv_max_port=15394

Restart VSFTP

/etc/init.d/vsftpd restart

Open your Amazon EC2 firewall ports as specified. I do this using the Firefox plugin EC2UI to accept the range 15393-4.

Lastly, go to Beyond Compare Tools > Options > FTP > Firewall / Proxy and check the Passive Mode box.

Tada! 
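A quick way to confirm the server config and the firewall range agree, as an added example that is not part of the original post: this shell sketch reads the passive range from vsftpd.conf text and checks the data port advertised in a 227 Entering Passive Mode reply against it. The config text and replies are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample config, using the range from the post.
SAMPLE_CONF='# Passive support
pasv_min_port=15393
pasv_max_port=15394'

# Print a numeric key=value setting from vsftpd.conf text on stdin.
# vsftpd permits no spaces around "="; this sketch takes the last match.
conf_value() {
    sed -n "s/^$1=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" | tail -n 1
}

# Decode the data port from "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)":
# port = p1 * 256 + p2. Returns 1 if the reply is not a well-formed 227.
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    { [ "$5" -le 255 ] && [ "$6" -le 255 ]; } 2>/dev/null || return 1
    echo $(( $5 * 256 + $6 ))
}

# $1 = vsftpd.conf text, $2 = PASV reply line. Returns 0 when the advertised
# port is inside the configured range, 1 outside, 2 no range, 3 bad reply.
check_reply() {
    min=$(printf '%s\n' "$1" | conf_value pasv_min_port)
    max=$(printf '%s\n' "$1" | conf_value pasv_max_port)
    if [ "${min:-0}" -eq 0 ] || [ "${max:-0}" -eq 0 ]; then
        echo "UNBOUNDED: passive port range is not fully set"; return 2
    fi
    port=$(pasv_port "$2") || { echo "MALFORMED: not a 227 reply"; return 3; }
    if [ "$port" -ge "$min" ] && [ "$port" -le "$max" ]; then
        echo "OK: data port $port is inside $min-$max"
    else
        echo "BLOCKED: data port $port is outside $min-$max"; return 1
    fi
}

# Constructed replies: 60*256+33 = 15393 (inside), 195*256+80 = 50000 (outside).
check_reply "$SAMPLE_CONF" '227 Entering Passive Mode (10,0,0,5,60,33).'
check_reply "$SAMPLE_CONF" '227 Entering Passive Mode (10,0,0,5,195,80).' || true
```

To check a real server, pass the contents of /etc/vsftpd.conf as the first argument and the 227 line from your FTP client's log as the second.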

Comments
  1. Use SFTP! dude!

  2. Hey Evert. Thanks for the suggestion. Unfortunately, I LOVE my diff tool Beyond Compare and unless I'm mistaken it can't handle SFTP.

    In case there is a crackin SFTP client out there I'm unaware of, my fave features in an FTP client are the local > remote, remote > remote, local > local comparisons including shell integration. On screen diff capabilities with the ability to push one changed line ignoring other changes are the other feature built in to Beyond Compare. So what do you use for SFTP? Can it meet the specs?

  3. For those purposes I solely rely on ssh =)

    sftp is an ssh app, so that's solely for file transfer; you can run pretty much any app over the protocol, including diffs

  4. I probably spent more than two hours trying to figure out the same error in FTP Services on IIS 6.0. The only thing I needed to do was to change the Beyond Compare FTP options to use active instead of passive. Thanks a lot for writing this experience.
