Giving context: I have an FTP server running in IIS on a WS2019 EC2 instance in VPC A that needs to be accessed by VPCs B and C. While the last one is in GCP, A and B are in AWS.
- VPCs A and B have a peering connection.
- VPCs B and C are connected through a VPN.
- VPC C doesn't exchange data with A, except for this FTP server; therefore, sustaining a VPN is expensive for what I need.
I followed this guideline to build the NLB in VPC A, then attached it to a VPC endpoint in VPC B.
How to run an FTPS server behind the AWS Network Load Balancer | by Michael Kirk | Medium
When I test the TCP connection, it works just fine:
PS C:\Users\johndoe> Test-NetConnection -ComputerName vpce-0948b61f1f991b98b-1w539hu9.vpce-svc-0ed1458eb15584b09.us-east-1.vpce.amazonaws.com -Port 21
ComputerName : vpce-0948b61f1f991b98b-1w539hu9.vpce-svc-0ed1458eb15584b09.us-east-1.vpce.amazonaws.com
RemoteAddress : 10.70.255.253
RemotePort : 21
InterfaceAlias : WAN
SourceAddress : 10.58.32.20
TcpTestSucceeded : True
But, when I try to connect through the FTP client, I receive the following error message:
Status: Resolving address of vpce-0948b61f1f991b98b-1w539hu9.vpce-svc-0ed1458eb15584b09.us-east-1.vpce.amazonaws.com
Status: Connecting to 10.70.255.253:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (10,74,163,58,43,209).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Does it make a difference if my passive mode answers with the public or the private IP address? I've checked all the security groups and route tables...
Can someone help me figure out what's going on, please?
CodePudding user response:
You need to understand FTP Passive Mode. The FTP client is connecting to the FTP server at 10.70.255.253:21. The FTP server is setting up an IP/port for the LIST command, 10.74.163.43:209, and waiting.
The FTP client is supposed to connect to that IP:PORT. It is not initiating a connection, and the FTP server times out after 20 seconds.
Notice that the address the FTP client connects to for the command connection (10.70.255.253) is not the same address (10.74.163.43) the server thinks it should reply with for data transfer commands. You have a configuration problem with the FTP server.
Note: Since the FTP client is connecting to the FTP server for data transfer commands on a different port than 21, you must also allow those ingress ports through the firewall.
Note: Most FTP clients will not connect to a different IP address for security reasons.
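The diagnostic step in the answer above, decoding the 227 reply and comparing the advertised address with the one the control connection went to, as an added example (not the answerer's code, and not part of the original thread). Per RFC 959 the reply `227 (h1,h2,h3,h4,p1,p2)` means host `h1.h2.h3.h4` and port `p1*256+p2`; the script also decodes RFC 2428 EPSV (`229 (|||port|)`) replies, which go beyond what the question shows, since EPSV carries only a port and so cannot advertise a mismatched address. The sample log lines are constructed from the question's session; the function names, the `control_host` parameter and the FileZilla-style `Response:` prefix handling are assumptions. Nothing here opens a network connection; it only explains from the log why the LIST data channel would time out.

```python
"""Decode FTP passive-mode replies and check whether the advertised data
endpoint matches the host the control connection was made to.

Added example for the thread above, not the answerer's code. The sample
replies below are constructed from the question's session log.
"""

import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# RFC 959 PASV reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"\b227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# RFC 2428 EPSV reply: 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"\b229\b.*?\(\|\|\|(\d{1,5})\|\)")


@dataclass(frozen=True)
class DataEndpoint:
    host: str
    port: int


def parse_passive_reply(reply: str, control_host: str) -> DataEndpoint:
    """Return the host:port a client would dial after this 227/229 reply."""
    m = PASV_RE.search(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            raise ValueError(f"octet out of range in PASV reply: {reply!r}")
        port = p1 * 256 + p2          # high byte * 256 + low byte
        if port == 0:
            raise ValueError("PASV reply advertises port 0")
        return DataEndpoint(f"{h1}.{h2}.{h3}.{h4}", port)
    m = EPSV_RE.search(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range in EPSV reply: {reply!r}")
        # EPSV carries only the port; the data connection reuses the control host
        return DataEndpoint(control_host, port)
    raise ValueError(f"not a passive-mode reply: {reply!r}")


def describe_address(host: str) -> str:
    """Classify the advertised address so the mismatch message is self-explanatory."""
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def data_channel_problem(reply: str, control_host: str) -> Optional[str]:
    """Explain why the data connection would fail, or None if it looks consistent."""
    ep = parse_passive_reply(reply, control_host)
    if ep.host != control_host:
        return (
            f"server advertised {ep.host}:{ep.port} ({describe_address(ep.host)}) "
            f"but the control connection is to {control_host}; the client either "
            f"refuses the different address or cannot route to it"
        )
    return None


def check_session_log(lines: List[str], control_host: str) -> List[str]:
    """Scan FileZilla-style 'Response:' lines and collect data-channel problems."""
    problems = []
    for line in lines:
        if not line.startswith("Response:"):
            continue
        if not (PASV_RE.search(line) or EPSV_RE.search(line)):
            continue
        problem = data_channel_problem(line, control_host)
        if problem:
            problems.append(problem)
    return problems


# Constructed sample based on the question's session: control connection to the
# VPC endpoint address, PASV reply pointing at the server's own private address.
SAMPLE_LOG = [
    "Command: PASV",
    "Response: 227 Entering Passive Mode (10,74,163,58,43,209).",
    "Command: LIST",
    "Response: 150 Opening BINARY mode data connection.",
]

if __name__ == "__main__":
    for problem in check_session_log(SAMPLE_LOG, "10.70.255.253"):
        print(problem)
```

Run against the question's log, the check reports that the server advertised 10.74.163.58:11217 (a private address) while the client's control connection went to 10.70.255.253, which is exactly the mismatch the answer points at. Whether the advertised address is public or private matters only in that the client must be able to reach it: through a VPC endpoint the client can only reach the endpoint's address, so a PASV reply must advertise that address (or the data ports must be exposed on the same path as port 21) for the data channel to work.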
