[VMC on AWS] How to establish an FTP connection from VMC to an external FTP server which only accepts active mode
Article ID: 316705
Updated On:
Products
VMware Cloud on AWS
Issue/Introduction
This article provides information on how to establish an FTP connection from VMC to an external FTP server which only accepts active mode.
Symptoms:
Unable to establish an FTP connection between an FTP client on VMC and an external FTP server which only accepts active mode.
Symptoms:
Unable to establish an FTP connection between an FTP client on VMC and an external FTP server which only accepts active mode.
Cause
To establish an FTP connection in active mode, the following steps are needed:
When the client in active FTP mode sends a PORT command to a remote FTP server, VMC does not modify the private IP address to a public IP address, so the remote FTP server cannot initiate a connection to the client.
- An FTP client sends the PORT command to an external FTP server. The destination port is 21, and the source port is a random high numbered port.
- The FTP server responds with an ACK, then the server initiates an FTP connection to the client with source port 20. The destination port is specified in the client’s PORT command.
When the client in active FTP mode sends a PORT command to a remote FTP server, VMC does not modify the private IP address to a public IP address, so the remote FTP server cannot initiate a connection to the client.
Resolution
The following steps are required:
- Connect a VM running an FTP client to a compute network segment.
- Request a public IP address for the VM.
- Add NAT rule for the VM.
- Add firewall rules on Compute Gateway Firewall to accept connection from the FTP server.
- Specify the public IP address as the source IP address to send with PORT command on the FTP client. The procedure depends on the FTP client. For example, set ftp:port-ipv4 xxx.xxx.xxx.xxx can be used with lftp client.
Feedback
Yes
No
Powered by
