Unable to connect to Filezilla server hosted in Private EC2 windows machine

[urek]

Hi everyone,

I have configured FTP using FileZilla on a private Windows EC2 server, but while trying to connect to it through a different server in same VPC I am getting the below error:
Status: Connecting to x.x.x.x:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Response: 150 About to start data transfer.

These servers access the internet using NAT gateways. I have already allowed incoming ports on the serve security groups and also on the Windows firewall for 20,21 and 45000-451000 for passive mode have also allowed Filezilla server.exe in the exception list.

once it gets connected from the other servers in the VPC I will add an nlb for the public to access this FTP. Any help would be great !!

Thank you

[botg]

You need to tell the server its public IP address. Please study our Network Configuration guide for further information. You can test the server at https://ftptest.net/

[urek]

Hi thanks for responding, since my server is in a private subnet It is not assigned any public IP. but are you referring to the NAT IP through which it is connecting to internet?

[boco]

It needs the public-facing IP address of the server's network. While not being directly useful for the server, it still needs to know it for telling FTP clients where to connect to for data connections. Without that, the private server address is sent which is useless for the client.

[urek]

I did give it the NAT IP ( the only pubic IP the server will have) but it is still not working.

[botg]

Status: Server sent passive reply with unroutable address. Using server address instead.

Did this message disappear?

[urek]

Yes, but I get below log from client:
Status: Connecting to xx.6.xx7.xx5:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (xx,1xx,1xx,xx3,xx2,x3)
Command: MLSD
Response: 150 About to start data transfer.
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

[urek]

Thank you for your time, For anyone else who will face a similar issue remember to whitelist the passive port range in the ec2 security group.

Now I will check how can I expose this private instance as FTP server for the public using Network load balancer.

[botg]

Status: Connecting to xx.6.xx7.xx5:21...
...
Response: 227 Entering Passive Mode (xx,1xx,1xx,xx3,xx2,x3)

Very untypical to see different IPs used for control and data connection. Unless the FTP server software itself performs load-balancing with multiple backends, this very likely means that the server has not been told the correct public IP address.