FileZilla FTP to AWS EC2 Windows Server 2012 Instance: Failed to retrieve directory listing
While you have opened port 14747 on the EC2 firewall, supposedly for a passive data channel, your server listens on different ports, and mainly on a wide port range, not on a single port.
From the client log:
Response: 227 Entering Passive Mode (172,31,34,244,202,201)
Where 202*256+201 = port 51913
From the server log:
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 227 Entering Passive Mode (172,31,34,244,202,205)
Where 202*256+205 = port 51917
I assume that you have not configured the server to use the port that you have opened. Use Passive Mode Settings in FileZilla Server Options:
https://wiki.filezilla-project.org/Network_Configuration#Passive_mode_2
Note that using a single data port might cause problems, if you do not guarantee that the port number is reserved for the server.
See How many data channel ports do I need for an FTP server?
Also, you should configure the FTP server with its correct external IP address.
Response: 227 Entering Passive Mode (172,31,34,244,202,201)
Status: Server sent passive reply with unroutable address. Using server address instead.
While the FileZilla client (and other FTP clients) can handle the server returning an invalid IP address, some FTP clients (rightfully) do not. See External Server IP Address for passive mode transfers on the same options page.
user2606742
Updated on September 18, 2022
Comments
-
user2606742 over 1 year
I am running FileZilla FTP Server on an Amazon Web Services EC2 Windows Server 2012 Instance, and want to FTP in from my home PC using FileZilla Client. I followed these instructions, but using user Administrator in Step 7 together with the user's password:
How to (S)FTP into your EC2 instance
In this guide, we will be using FileZilla. If you need it, google FileZilla, and download the CLIENT. Not the server.
Step 1: Get your Public DNS address. You can find it under your instance's info, at the bottom.
Step 2: Find your .pem key that you got when you got your instance.
Step 3: Open FileZilla.
Step 4: Go to the FileZilla settings, and on the left, click SFTP.
Step 5: Add a new private key. (Your .pem key)
Step 6: If you are using a .pem key you must convert it, otherwise it will not work.
Step 7: At the top in the Quickconnect bar, put your Public DNS in the host, ec2-user, port 22 (Port 22 is SFTP rather than FTP, AWS will kick back FTP.), and NO PASSWORD.
Step 8: Click Quickconnect.
Step 9: You are done!
I can connect successfully, but then I get an error "Failed to retrieve directory listing". This is the output on the FileZilla client (DNS/IP edited for security reasons):
Status: Resolving address of myAWSDNS.us-west-2.compute.amazonaws.com
Status: Connecting to xx.xx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220-FileZilla Server version 0.9.41 beta
Response: 220-written by Tim Kosse ([email protected])
Response: 220 Please visit http://sourceforge.net/projects/filezilla/
Command: USER Administrator
Response: 331 Password required for administrator
Command: PASS ***********
Response: 230 Logged on
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (172,31,34,244,202,201)
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Response: 425 Can't open data connection.
Error: Failed to retrieve directory listing
And this is the output on the FileZilla Server:
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> Connected, sending welcome message...
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 220-FileZilla Server version 0.9.41 beta
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 220-written by Tim Kosse ([email protected])
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> USER Administrator
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 331 Password required for administrator
(000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> PASS ***********
(000004)9/14/2014 9:02:44 AM - administrator (31.16.50.63)> 230 Logged on
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> PWD
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 257 "/" is current directory.
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> TYPE I
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 200 Type set to I
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> PASV
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 227 Entering Passive Mode (172,31,34,244,202,205)
(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> MLSD
(000004)9/14/2014 9:02:55 AM - administrator (31.16.50.63)> 425 Can't open data connection.
I have opened ports 21, 22 and 14147 on both the EC2 Instance's Firewall as well as the Instance's Security Group Settings to traffic from all IPs.
Does anyone have any idea what I can change to get this to work?
Thanks,
Chris
-
user2606742 over 9 years
Thanks, I looked at your link and configured the settings accordingly, and it worked! Thanks Martin
-
manatttta almost 8 years
Could you please explain the statement "Where 202*256+201 = port 51913"? Thank you :)
-
Martin Prikryl almost 8 years
@manatttta The port number is expressed using two bytes. To get the number, you shift the first byte left by 8 bits, which is equivalent to multiplying by 256 (=2^8), and add the second byte.
-
manatttta almost 8 years
@MartinPrikryl OK, thank you! :) So then what does the string (172,31,34,244,202,205) mean?
-
Martin Prikryl almost 8 years
IP 172.31.34.244, port 51917 (=202*256+205)
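
The decoding described in the answer and in the comments above, as an added example that is not part of the original thread: it parses `227` replies out of FTP client or server log lines, computes the data port from the two port bytes, and flags replies that advertise a private address or a port the firewall does not allow. The function names `parse_pasv` and `audit_pasv` and the `OPENED` set are assumptions made for this sketch; the log lines and port numbers are the ones quoted in the thread.

```python
import ipaddress
import re

# Six comma-separated bytes of a "227" passive reply: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) from a log line containing a 227 reply, or None."""
    m = PASV_RE.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError(f"byte out of range in PASV reply: {m.group(1)}")
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    port = (fields[4] << 8) | fields[5]  # same as p1*256 + p2
    return ip, port


def audit_pasv(lines, allowed_ports):
    """Check every 227 reply against the firewall's allowed inbound ports."""
    findings = []
    for line in lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append({
            "ip": str(ip),
            "port": port,
            "unroutable": ip.is_private,  # private address behind NAT
            "port_allowed": port in allowed_ports,
        })
    return findings


# Log lines quoted in the thread: one client line, one server line, one non-227 line.
LOG = [
    "Response: 227 Entering Passive Mode (172,31,34,244,202,201)",
    "(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> "
    "227 Entering Passive Mode (172,31,34,244,202,205)",
    "Response: 200 Type set to I",
]
# Inbound ports the question says were opened on the firewall and security group.
OPENED = {21, 22, 14147}

if __name__ == "__main__":
    for finding in audit_pasv(LOG, OPENED):
        print(finding)
```

Both replies in the thread come back with `unroutable` true and `port_allowed` false, which matches the two problems the answer points out.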