AWS EC2 FTP Failed to Retrieve Directory Listing


I know this question has been asked to death (1, 2, 3, 4), but I must be missing something here, because I just can't get it working. The FTP login is successful but fails at the directory listing, suggesting that it is some sort of firewall issue. The server is an EC2 instance running Ubuntu 16.04, created using Laravel Forge.

I have added the passive ports range to the security group being used and all the configuration is set according to the answers, but I am still getting the directory listing error. Any ideas on what I might be doing wrong or what I will need to do to fix it would be appreciated.

[Image: Directory Listing Error]

Here is my vsftpd config:

listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty

pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=41361
pasv_max_port=65534
pasv_address=FORGE.IP.ADDRESS

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

The vsftpd server is running fine, as running a status on it gives the following:

● vsftpd.service - vsftpd FTP server
   Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-11-05 10:31:56 UTC; 22h ago
 Main PID: 32657 (vsftpd)
    Tasks: 1 (limit: 1152)
   CGroup: /system.slice/vsftpd.service
           └─32657 /usr/sbin/vsftpd /etc/vsftpd.conf

Here is the security group for the EC2 instance:

[Image: EC2 Security Group]

I have also opened ports 20 and 21 in the UFW firewall. Here is the UFW status:

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)

The only thing I haven't done is add those ports to the 'Allow' list in UFW, as this DigitalOcean tutorial suggests. But this has not been suggested in other answers. Is that what I am missing, or is there something more obvious I am missing?

Niraj Pandey

Posted 2018-11-06T14:34:34.790

Reputation: 141

Allowing data port range in UFW is something you definitely should try. – Martin Prikryl – 2018-11-06T15:09:01.470

Answers

As I had thought and @Martin Prikryl had suggested, I did have to allow the port range I put in the security group in UFW as well. Now it finally lists the files.

Niraj Pandey

Posted 2018-11-06T14:34:34.790

Reputation: 141
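
A check for the mismatch this thread resolves, as an added example that is not part of the original posts: it reads the passive range from a vsftpd config and tests whether a saved `ufw status` listing has an IPv4 ALLOW rule covering it. The function names and the sample files are constructed for illustration; `41361:65534/tcp` is how UFW lists a TCP port range.

```sh
#!/bin/sh
# Added example: compare vsftpd's passive port range with `ufw status` rules.

# Print "MIN MAX" taken from pasv_min_port / pasv_max_port in file $1.
pasv_range() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 == "pasv_min_port" { min = $2 + 0 }
        $1 == "pasv_max_port" { max = $2 + 0 }
        END { if (min && max) print min, max; else exit 1 }
    ' "$1"
}

# Succeed if an IPv4 ALLOW rule in file $3 covers tcp ports $1..$2.
# Rules without a protocol (e.g. "22") apply to tcp too; "/udp" rules do not.
ufw_covers() {
    awk -v lo="$1" -v hi="$2" '
        $2 == "ALLOW" && $1 ~ /^[0-9]+(:[0-9]+)?(\/tcp)?$/ {
            spec = $1; sub(/\/tcp$/, "", spec)
            n = split(spec, p, ":")
            a = p[1] + 0; b = (n == 2 ? p[2] : p[1]) + 0
            if (a <= lo && hi <= b) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$3"
}

# $1 = vsftpd.conf, $2 = saved `ufw status` output. Returns 0 only if covered.
check_pasv_firewall() {
    conf_range=$(pasv_range "$1") || { echo "no passive range in $1"; return 2; }
    lo=${conf_range% *}; hi=${conf_range#* }
    if ufw_covers "$lo" "$hi" "$2"; then
        echo "OK: UFW allows tcp $lo:$hi"
    else
        echo "MISSING: no UFW ALLOW rule covers tcp $lo:$hi"; return 1
    fi
}

# Constructed sample input, modelled on the config and UFW status in the question.
tmp=$(mktemp -d)
printf 'pasv_enable=YES\npasv_min_port=41361\npasv_max_port=65534\n' > "$tmp/vsftpd.conf"
printf '21/tcp  ALLOW  Anywhere\n22  ALLOW  Anywhere\n' > "$tmp/ufw_before.txt"
cp "$tmp/ufw_before.txt" "$tmp/ufw_after.txt"
# The line UFW lists once the passive range has been allowed.
printf '41361:65534/tcp  ALLOW  Anywhere\n' >> "$tmp/ufw_after.txt"

check_pasv_firewall "$tmp/vsftpd.conf" "$tmp/ufw_before.txt" || true  # MISSING
check_pasv_firewall "$tmp/vsftpd.conf" "$tmp/ufw_after.txt"           # OK
```

On a real host, pass `/etc/vsftpd.conf` and the output of `sudo ufw status` saved to a file. The EC2 security group is a separate layer and has to allow the same range.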