0

I have configured an AWS EC2 instance to be an FTP server (Passive Mode) and attached a load balancer target group to the instances. The load balancer listener port is 21. The problem I face is that my cellular device is unable to create a data connection with the FTP server: the connection times out after the PASV command, although the server sends the response, as available from the logs. This is not seen while using a Wi-Fi connection. Everything works smoothly when using FileZilla on my laptop, although when using a mobile hotspot a completely new error occurs (added below). I have checked the cellular FTP connection without the load balancer and it works fine.

Status: Resolving address of ftp-loadbalancer-b66f394783ab4656.elb.us-east-1.amazonaws.com
Status: Connecting to [64:ff9b::3e5:5d75]:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    EPSV
Response:   229 Entering Extended Passive Mode (|||43735|).
Command:    LIST
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing
Status: Disconnected from server
Status: Resolving address of ftp-loadbalancer-b66f394783ab4656.elb.us-east-1.amazonaws.com
Status: Connecting to [64:ff9b::3e5:5d75]:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    EPSV
Response:   229 Entering Extended Passive Mode (|||42066|).
Command:    LIST
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

Thanks

1 Answer

0

I assume your office Wi-Fi has an SG (security group) rule in there allowing traffic to the port from your office IP range?

Use whatsmyip.com to find out where your cell phone is coming from, then add the SG rule and port.

Use nmap to see if indeed you can get to the port. I typically always use stealth scans.

nmap -sS (AWS public IP you are going to)

If you have AWS firewall rules / security groups or any firewall appliances in AWS you will need to open access to the following ports: Port: 21 (Used for FTP) Port: 990 (Used for FTPS) Passive Port Range: 50000 – 51000 (Used for data transfer)

https://cloudinfrastructureservices.co.uk/how-to-setup-ftp-server-on-amazon-aws-windows-ec2-instance/#:~:text=If%20you%20have%20AWS%20firewall,51000%20(Used%20for%20data%20transfer)

7
  • 1
    For testing purposes I have already enabled all the ports and source IPs on the EC2 SG. Commented Nov 19, 2020 at 17:37
  • I just added to the answer, try to see if you can see the open port. youtube.com/watch?v=E0QHUWgeA3M Commented Nov 20, 2020 at 8:44
  • I can reach the port and EC2 instance in command mode, as seen from the FTP server log and client logs, but the error arises after the client executes the PASV command for the data connection. The server sends the PASV IP address and port, but these details are not seen in the client logs and the connection times out. Commented Nov 21, 2020 at 7:14
  • So is the client firewall blocking it? I would turn it off to test. Make sure you have both FTP ports open. Commented Nov 21, 2020 at 8:58
  • 1
    I believe the client firewall blocking the PASV reply is the only logical solution, although I really don't know how to verify that on a cellular GSM module. Commented Nov 23, 2020 at 7:03
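
To tell "the PASV/EPSV reply never reaches the client" apart from "the reply arrives but the data port is unreachable", the following added example (not part of the original posts) parses a 227 or 229 reply and returns the address and port the client will dial next, then attempts that connection. `data_endpoint` and `data_port_reachable` are hypothetical helper names chosen for illustration.

```python
import ipaddress
import re
import socket

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 reply: 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_peer):
    """Return (host, port, note) that the client will dial for the data connection."""
    m = EPSV_RE.match(reply)
    if m:
        # EPSV carries only a port; the client reuses the control-connection address.
        return control_peer, int(m.group(2)), "EPSV: same address as control connection"
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227/229 reply: %r" % reply)
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % reply)
    host = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    if ipaddress.ip_address(host).is_private:
        note = "PASV advertises a private address, not routable from the internet"
    elif host != control_peer:
        note = "PASV address differs from the control peer"
    else:
        note = "PASV address matches the control peer"
    return host, port, note


def data_port_reachable(host, port, timeout=5.0):
    """Attempt the same TCP connect the FTP client makes after PASV/EPSV."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Reply and control address taken from the FileZilla log in the question.
    host, port, note = data_endpoint(
        "229 Entering Extended Passive Mode (|||43735|).", "64:ff9b::3e5:5d75")
    print(host, port, note, "reachable:", data_port_reachable(host, port))
```

With EPSV the data connection goes to the same address as the control connection, so the port in the 229 reply has to be reachable at that address, not only port 21.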
