up vote 5 down vote favorite
1

I'm running a server on AWS and I'm connecting out to a partner's FTP site (not much idea what they are running). My server has an elastic IP. In the results below xx.xx.xx.xx is the internal IP (same as I get from IPConfig). yy.yy.yy.yy is the external IP (same as I am RDPed into).

Connected to ftp.site.com.
220---------- Welcome to Pure-FTPd [privsep] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 22:47. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
User (ftp.site.com:(none)): someuser
331 User someuser OK. Password required
Password:
230 OK. Current restricted directory is /
ftp> literal pasv
227 Entering Passive Mode (69,28,68,87,255,170)
ftp> ls
500 I won't open a connection to xx.xx.xx.xx (only to yy.yy.yy.yy)

I tried PASV mode, but it's not working.

I have nothing open on my security group except the RDP.

Windows Firewall is running on the server as well with what looks like Amazon's default configuration.

Once I get this connection working I will probably be FTPing data from an SSIS package to their server, FWIW.

I know FTP is quirky through NAT like this with the connections being opened coming back. What do I need to do?

share|improve this question
    
You forgot to mention the operating system of your machine, and the FTP client you are using. – Michael Hampton Sep 10 '13 at 3:28
    
Windows Server 2008, command-line ftp to test the connection and see the folder names, then I'll be using the SSIS FTP or something to automate the process. – Cade Roux Sep 10 '13 at 3:48
up vote 4 down vote accepted

The command line FTP client built into Windows doesn't support passive mode at all. Those hacks you found on the Internet about literal pasv or quote pasv don't actually do anything as far as the FTP client is concerned; they tell the server to enter passive mode, but the client remains blissfully unaware. You'll need to obtain a third party FTP client.

share|improve this answer
up vote 0 down vote

The trouble is that your pasv command is telling the server to connect to the internal ip. Not your external ip. That won't work for two reasons.

  1. The server cannot see your internal ip.
  2. While the ftp protocol does support you setting up the data connection to talk to a different ip from the control connection. Most servers now refuse to honour it (for security reasons) some will simply ignore the ip and only use the port. Others like this one will just refuse to accept the command.
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.