Hello,
I'm trying to ftp from Windows VM into CentOS VM in AWS and getting below error. I can login and can do 'pwd' but doing 'ls' & 'put' is giving problem.
+++++++++++++++
C:\ ftp Server IP
200 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User:*****
Password:*****
230 Login Successful
ftp>pwd
257 "/home/user/"
ftp>ls
200 Port Command Successful. Consider using PASV.
425 Failed to establish connection.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I have added port 20,21 in iptables as well as inbound rules in security groups of Linux VM and still unable to ftp.
I have also tried disabling the iptables & SELinux but still got same error
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I have also tried using tha passive mode but still same error. I'm not sure and totally stuck on where the problem is as it doesn't looks like in firewall.

Can anyone please suggest any solution or direction.

Thanks

I would suggest abandoning attempts to get FTP working, uninstall vsFTP post haste, and use a different protocol.

For authenticated downloads: SFTP
For authenticated uploads: SFTP

For encrypted, anonymous uploads: HTTPS

For encrypted, anonymous downloads: HTTPS
For unencrypted, anonymous downloads: HTTP

If you are logging in via SSH then by default you also have SFTP already installed and available. Programs like FileZilla already support SFTP, you just have to select it.

HTTP / HTTPS is easy to add with Apache2 alone / Apache2 with Let's Encrypt.

2 members found this post helpful.

You can also install WinSCP on Windows to do sftp to UNIX/Linux servers. WinSCP can also be used for ftp/ftps connections so might give you better output of why it is failing.

Thanks for your replies but the requirement is to ftp from windows machine into CentOS using ftp command.
Please suggest if any ideas

Have you looked at the messages file on CentOS?
How exactly did you setup the FTP server?
Here is good reference: https://www.unixmen.com/install-conf...rver-centos-7/

Requirement per who? You're an admin not a monkey. You should push back telling them that ftp is an insecure protocol and most people are abandoning it.

Here we forced the move from ftp to sftp years ago and were so successful that on the one Windows server they were still using inbound ftp on they installed Cygwin and sshd and converted inbound to it to use sftp using that sshd. They disabled ftp completely at that point.

2 members found this post helpful.

Again, the ideas would be using SFTP or HTTPS.

I would need more strong evidence before accepting any assertion as accurate that an ancient (1970s), very insecure, and exceptionally difficult retro technology like FTP is required by anyone or anything in 2019. Can you please explain what is the barrier to using SFTP or HTTPS? The former is probably already installed and it only remains to start using it.

2 members found this post helpful.

In case you need to convince management ftp is a bad idea a quick web search will explain it.

This article was written EIGHT years ago and explains it well.

Yes i have setup in the same way.
I cannot see any error message in audit logs

It's due to requirement of one of the projects and they want to use it.

Let's say i want to use it. Do you think any OS hardening might be blocking it?

OK. Given that you're required to use ftp (and I agree that's a bad idea) Do any other commands work?
I don't use vsFTPd -- perhaps there's a problem in its configuration?
What's in /var/log/messages?
Does it have its own logfile? What's in that?

There is no error message inside /var/log/messages

I did the same deployment in Azure and it was successful and managed to FTP

But problem when i'm doing it in AWS- I have disabled all the firewall in Windows VM and CentOS VM. Disabled Iptables and SELinux still getting connection not established error.

Is there any way i can see where the connection is dropping?

Then please seriously consider renegotiating that component. If you do not, then at least make very sure that you have in writing in the agreement that 1) you have documented it is their insistence on FTP, 2) it is clear inthat FTP is over your objections, and 3) most importantly they absolve you of ANY and ALL security liabilities for the system involved.

It could be any number of things, it is designed from the 1970s. Among other shortcomings it does not fit with most modern networks and needs a direct connection from the outside on both the client and the server.

You'll need to make sure that logging is enabled for vsftd itself in /etc/vsftpd/vsftpd.conf

As for the connection dropping, you can also turn on logging in iptables, but as you won't and can't know which ports are involved, you'll have to log a lot of ports and try extra to not get ports known not to be involved.

Don't forget to get those first three points above in writing.

1 members found this post helpful.

Thanks for your reply. I have disabled IPTables and also SElinux.
I have put logging as well in the vsftpd as well but still i don't see any trace of error.

Even Windows Firewall is disabled and still it is not working. I have checked AWS rules as well and 20,21 ports are open in inbound rules.
Yes i will take in writing that the project want to use FTP and the security risk is owned by them.

Do you have any other stuff i can do to debug this problem?