2

I have an instance running Ubuntu 16.0.4 LTS on Google Compute Engine with port 21 open to it. I have installed vsftpd on it, added a user for the FTP service, and set the directory permissions to full access for the user. I am able to connect to the FTP server via command prompt using ftp $IP_ADDRESS and log in with the username and password.

Once in this way, I am able to download and upload files as well as create and manage directories as needed. However, if I try to access the FTP server with Windows Explorer using ftp://$IP_ADDRESS, I get prompted for username and password as expected, but when I enter them, the server resets the connection immediately and I receive a message stating:

An error occurred opening that folder on the FTP Server. Make sure that you have permission to access that folder. Details: The connection with the server was reset.

Below are the contents of my vsftpd.conf file. How do I make this accessible from Windows Explorer?

listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=777
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=myftpuser
ftpd_banner=My FTP
ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
Todd Petersen
  • 2
    A few things. 1) local_umask looks a bit off; umask stands for permissions - umask number, so in your case if you want to permit everyone - everything you should put umask of 000 instead. 2) What do the logs on your vsftpd server side say when you connect from Windows? 3) Have you tried to use an FTP client, e.g. FileZilla? – Dmitriy Kupch Dec 07 '18 at 18:57
  • 2
    I suggest the Explorer tries to use FTP active mode which does not work if you are behind some NAT router (i.e. typical SoHo router). Switch to passive mode - see [How to configure Internet Explorer to use both the FTP PORT mode and the FTP PASV mode in the Windows Server 2003 Family](https://support.microsoft.com/en-ca/help/323446/how-to-configure-internet-explorer-to-use-both-the-ftp-port-mode-and-t). Windows Explorer should follow these settings too. – Steffen Ullrich Dec 07 '18 at 19:57
  • 1
    I have changed the umask to 000. This change alone made no change. – Todd Petersen Dec 07 '18 at 21:08
  • 1
    I changed the umask to 000 as suggested. That change makes sense to me. I also tried uncommenting the 2 ascii entries and the nopriv entry, changing the user on the latter to my FTP user. The result is still the same. Because of the intended use of the FTP server, using an FTP client like FileZilla is out, as is using passive mode. I have not yet looked at the transfer logs. I have set up other Linux FTP servers before and have never had this issue, but those were on physical machines. Is it possible that the firewall in Google Compute Engine is causing this? – Todd Petersen Dec 07 '18 at 21:24
  • 1
    After setting up another local VM test machine identical to the VM instance in Google Compute Engine, I found that this appears to be related to the Google Cloud Platform VPC Network Firewall and not in the settings of the FTP server itself. Connecting via Windows Explorer to the local VM works fine. Does anyone know of a way to make this work with the Google Compute Engine instance? – Todd Petersen Dec 08 '18 at 13:13

2 Answers

1

Try the following settings:

local_umask=077
connect_from_port_20=NO
ascii_download_enable=YES
ascii_upload_enable=YES
nopriv_user=ftpuser

0

I know this question has been open for a long time. I'm hoping you have fixed this already; if not, I will add what I did that worked for me. I hope this can help you somehow.

Try adding the following to your vsftpd.conf file (or the ports you want):

pasv_min_port=40000
pasv_max_port=45000

Then add a new firewall rule in the GCP project FW

Here is the tag added to the instance

After that I was able to use ftp://$IP_ADDRESS successfully.

Just in case you need it, here is my full vsftpd.conf file:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
pasv_min_port=40000
pasv_max_port=45000
Stuggi
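
The passive-range fix from the answer above, as an added example that is not part of either answer: a small script that reads `pasv_min_port`/`pasv_max_port` from a vsftpd.conf and prints the matching `gcloud` firewall rule, so the config and the rule cannot drift apart. The rule name, tag, source range, `INSTANCE_NAME` and `ZONE` are hypothetical placeholders, and the sample config is constructed.

```bash
#!/bin/sh
# Added example (not from the original answers): derive the GCP firewall rule
# from the passive port range configured in vsftpd.conf.

# Print the value of KEY from a vsftpd.conf (last occurrence wins, CR/space stripped).
conf_get() {  # usage: conf_get FILE KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# Build the --rules value: control port 21 plus the passive data range.
ftp_rules() {  # usage: ftp_rules FILE
  pasv_min=$(conf_get "$1" pasv_min_port)
  pasv_max=$(conf_get "$1" pasv_max_port)
  for port in "$pasv_min" "$pasv_max"; do
    case "$port" in
      ''|*[!0-9]*)
        # With no fixed range vsftpd may use any port, which one rule cannot cover.
        echo "pasv_min_port/pasv_max_port missing or not numeric in $1" >&2
        return 1 ;;
    esac
  done
  if [ "$pasv_min" -gt "$pasv_max" ]; then
    echo "pasv_min_port is greater than pasv_max_port in $1" >&2
    return 1
  fi
  echo "tcp:21,tcp:${pasv_min}-${pasv_max}"
}

# Print (not run) the gcloud command so it can be reviewed first.
firewall_cmd() {  # usage: firewall_cmd FILE RULE_NAME TAG SOURCE_RANGE
  fw_rules=$(ftp_rules "$1") || return 1
  echo "gcloud compute firewall-rules create $2 --direction=INGRESS --action=ALLOW --rules=$fw_rules --target-tags=$3 --source-ranges=$4"
}

# Constructed sample input: the passive range from the answer above.
sample=$(mktemp)
printf 'listen_ipv6=YES\npasv_min_port=40000\npasv_max_port=45000\n' > "$sample"

# allow-ftp-passive, ftp-server and 203.0.113.0/24 are hypothetical placeholders;
# use your own rule name, instance tag and the client range that needs access.
firewall_cmd "$sample" allow-ftp-passive ftp-server 203.0.113.0/24
echo "gcloud compute instances add-tags INSTANCE_NAME --tags=ftp-server --zone=ZONE"
rm -f "$sample"
```

Limiting `--source-ranges` to the networks that actually need FTP keeps the 5001-port passive window from being reachable by the whole internet, which matters here because `ssl_enable=NO` leaves credentials in cleartext.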