Enable passive mode for Pure-ftpd on AWS

One of the issues you encounter when installing FTP servers on AWS is that you need to use Active mode to transfer files, while traditionally FTP clients tend to use Passive mode (PASV). This is caused by the fact that each instance has an external IP that you get access to and another internal IP, which is used by the FTP server. When the client requests PASV mode, the server replies with the internal IP, which is a private address and not routable from the Internet, so the client cannot connect to it.

Fixing this is quite easy: it involves a little bit of editing Security Groups from the AWS Console and adding a couple of lines to the pure-ftpd configuration.

First of all you will need to determine what port range you can use for PASV mode, so execute this command:

cat /proc/sys/net/ipv4/ip_local_port_range

You must choose a range that’s *not* in the interval returned by the command. I will use 10000 – 10100.
Now you will need to find out your external IP. Either request an Elastic IP and attach it to the instance or ping your “Public DNS” (available in the AWS Console, when you select the instance). Write it down somewhere.

Now open the required ports from your “Security Groups”, by adding the following rules:

Custom TCP Rule Ports 20-21
Custom TCP Rule Ports 10000-10100

Don’t forget to “Apply Rule Changes”!!!
Depending on your pure-ftpd installation you may have your FTP server configuration either in /etc/pure-ftpd.conf or in /etc/pure-ftpd/conf/*. If you have your configuration in a single file (/etc/pure-ftpd.conf) then you will need to add these 2 lines:

PassivePortRange 10000 10100
ForcePassiveIP YOUR_EXTERNAL_IP_HERE

If you have your configuration in /etc/pure-ftpd/conf/* simply create two files, named after the options you want to change and insert the values into them:

echo "10000 10100" > /etc/pure-ftpd/conf/PassivePortRange
echo "YOUR_EXTERNAL_IP_HERE" > /etc/pure-ftpd/conf/ForcePassiveIP

Obviously you will need to replace YOUR_EXTERNAL_IP_HERE with your real external IP.

Now restart your FTP server and check that you see something similar to “-P YOUR_EXTERNAL_IP -p 10000:10100” in the parameter list. If everything went ok, congratulations!

service pure-ftpd-mysql restart
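
The two checks from this procedure as a shell script, added here as an example and not part of the original post: it tests a candidate range against ip_local_port_range and decodes the server's 227 PASV reply to confirm it advertises the external IP and a port inside PassivePortRange. The function names are hypothetical and the sample replies are constructed (203.0.113.10 is a documentation address).

```shell
#!/bin/sh
# Added example. Function names are hypothetical; PASV replies are constructed.

# Decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" into "IP PORT".
pasv_decode() {
    fields=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*$/\1/p')
    [ -n "$fields" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $fields            # split the six comma-separated numbers
    IFS=$old_ifs
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"   # port = p1*256 + p2
}

# True for RFC 1918 addresses, the kind an instance's internal IP is.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when port range $1-$2 overlaps port range $3-$4.
ranges_overlap() { [ "$1" -le "$4" ] && [ "$3" -le "$2" ]; }

# True when LOW-HIGH collides with the kernel's local port range.
conflicts_with_local_range() {   # usage: LOW HIGH [FILE]
    read -r eph_lo eph_hi < "${3:-/proc/sys/net/ipv4/ip_local_port_range}" || return 1
    ranges_overlap "$1" "$2" "$eph_lo" "$eph_hi"
}

# Verdict for one PASV reply against the configured PassivePortRange.
check_pasv() {                   # usage: "<227 reply>" LOW HIGH
    decoded=$(pasv_decode "$1") || { echo "unparseable"; return 0; }
    ip=${decoded% *}; port=${decoded#* }
    if is_private_ipv4 "$ip"; then
        echo "private-ip $ip"    # ForcePassiveIP is not in effect
    elif [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        echo "port-outside-range $port"
    else
        echo "ok $ip:$port"
    fi
}

check_pasv "227 Entering Passive Mode (10,0,0,12,39,16)" 10000 10100
check_pasv "227 Entering Passive Mode (203,0,113,10,39,66)" 10000 10100
```

The 227 line to feed it appears in the debug or verbose output of most FTP clients when a transfer or directory listing starts.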
