
I recently set up a new Windows server inside the Google Compute Engine, and am trying to establish an outbound unsecured FTP connection from the VM to an FTP server hosted on the Internet.

I am able to connect and log in, but as soon as I try to send/download a file or do a simple directory listing, I receive one of several errors, including: a) Connection closed by remote host, b) Illegal port command, or c) Unable to build data connection: Connection refused. Wireshark confirms that the problem happens when the FTP client attempts to establish a connection over the data channel, TCP port 20.

I have tried this with three different sites on the Internet that all work fine from my laptop and servers hosted outside of Google Compute on different Internet connections without any problems. I also tried configuring the system to use a SOCKS proxy server for FTP, and got the same results. I also tried routing the traffic across a site to site VPN to a router at another site, where I am able to successfully connect to the FTP server.

I ultimately set up an L2TP/IPSec Windows client VPN connection from the Google Compute Engine VM to a router at another site, and am able to access the FTP site successfully. I've been through the firewall rules and routes in Google Compute Engine several times.

Is anyone aware of a Google policy that blocks outbound unsecured FTP connections? I know that they essentially enforce secure mail connections, and am wondering if a similar policy applies here. I also prefer secure FTP, but in this case, the vendor on the other end only supports insecure FTP.

Thank you in advance.

Clint

1 Answer


As Julie Pelletier mentioned in her comment, your FTP issue should be related to your Windows VM internal firewall. You will need to add appropriate firewall rules to let the FTP connection be established correctly. FTP connections can be established in Active or Passive mode. Firewall rules should be planned and added based on the mode of connection. You can read about these modes in this Stack Overflow thread.

Regarding the other question in your comment: yes, Google Compute Engine does not allow outbound connections on ports 25, 465, and 587. By default, these outbound SMTP ports are blocked because of the large amount of abuse these ports are susceptible to. You can read more about this in this article.

Kamran
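The Active and Passive modes mentioned in the answer differ in which side opens the data connection, which decides the firewall direction that has to allow it. As an added example (not part of the original question or answer), this decodes the RFC 959 `PORT` command and `227` passive reply from a captured control channel; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def data_endpoint(line):
    """Decode a PORT command or 227 reply; return None for any other line."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"      # client advertises where the server should connect
    elif text.startswith("227"):
        mode = "passive"     # server advertises where the client should connect
    else:
        return None
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return {
        "mode": mode,
        "ip": str(ip),
        "port": nums[4] * 256 + nums[5],
        # Active: the server dials in to the client (from its port 20 by default).
        # Passive: the client dials out to the server.
        "opened_by": "server" if mode == "active" else "client",
        "client_firewall": "inbound" if mode == "active" else "outbound",
        # An RFC 1918 address cannot be reached from the far side of a NAT.
        "rfc1918": any(ip in net for net in RFC1918),
    }

# Constructed control-channel lines; the addresses are illustrative only.
SAMPLE = [
    "USER anonymous",
    "PORT 10,128,0,2,195,80",
    "227 Entering Passive Mode (203,0,113,10,234,96).",
]

def report(lines=SAMPLE):
    return [r for r in (data_endpoint(l) for l in lines) if r]

if __name__ == "__main__":
    for entry in report():
        print(entry)
```

Running it against the control-channel text from a Wireshark capture shows which mode the client actually negotiated and whether the address it advertised in `PORT` is a private one.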