Thread: FTP Server Refused passive mode - Using VSFTPD

Hi All,
I have EC2 Micro Instance which has FTP server (VSFTPD) installed. I ftp it from server itself, it works fine! That means service is ON and working fine.
but if I try to get FTP from any other client (via internet) it logs-in and works fine over 21 port(for commands) but as client request for the data it says, - "421 Service not available, remote server has closed connection Passive mode refused."
If I put "passive" command in ftp after login, It says:"passive mode is off" and then works fine in active mode!!
I m confused that why passive mode is not working??
Although firewall is off in both sides, Other security tools are also disable.

---- vsftpd.conf---

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
tcp_wrappers=YES
pasv_promiscuous=YES
port_enable=YES
pasv_enable=YES
pasv_max_port=11200
pasv_min_port=11100
---------------------------------------
Need your help!!!

Thanks In Advance!

Hi,

By default VSFTPD in passive mode, you just need to allow NEW ESTABLISH RELATED connection state on your firewall.
see below iptables rules examples:

Code:

-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT

Also check out firewall section @ Red Hat / CentOS VSFTPD FTP Server Configuration and PF Firewall Open FTP Port 21 (PASSIVE Configuration)