FileZilla FTP to AWS EC2 Windows Server 2012 Instance: Failed to retrieve directory listing


While you have opened port 14747 on the EC2 firewall, supposedly for a passive data channel, your server listens on different ports, and mainly on a wide port range, not on a single port.

From the client log:

    Response: 227 Entering Passive Mode (172,31,34,244,202,201)

Where 202*256+201 = port 51913

From the server log:

    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 227 Entering Passive Mode (172,31,34,244,202,205)

Where 202*256+205 = port 51917

I assume that you have not configured the server to use the port that you have opened. Use Passive Mode Settings in FileZilla Server Options:
https://wiki.filezilla-project.org/Network_Configuration#Passive_mode_2


Note that using a single data port might cause problems if you do not guarantee that the port number is reserved for the server.
See How many data channel ports do I need for an FTP server?


Also, you should configure the FTP server with its correct external IP address.

    Response: 227 Entering Passive Mode (172,31,34,244,202,201)
    Status: Server sent passive reply with unroutable address. Using server address instead.

While the FileZilla client (and other FTP clients) can handle the server returning an invalid IP address, some FTP clients (rightfully) do not. See External Server IP Address for passive mode transfers on the same options page.

user2606742
Author by

user2606742

Updated on September 18, 2022

Comments

  • user2606742
    user2606742 over 1 year

    I am running FileZilla FTP Server on an Amazon Web Services EC2 Windows Server 2012 Instance, and want to FTP in from my home PC using FileZilla Client. I followed these instructions, but using user Administrator in Step 7 together with the user's password:

    How to (S)FTP into your EC2 instance

    In this guide, we will be using FileZilla. If you need it, google FileZilla, and download the CLIENT. Not the server.

    Step 1: Get your Public DNS address. You can find it under your instance's info, at the bottom.

    Step 2: Find your .pem key that you got when you got your instance.

    Step 3: Open FileZilla.

    Step 4: Go to the FileZilla settings, and on the left, click SFTP.

    Step 5: Add a new private key. (Your .pem key)

    Step 6: If you are using a .pem key you must convert it, otherwise it will not work.

    Step 7: At the top in the Quickconnect bar, put your Public DNS in the host, ec2-user, port 22 (Port 22 is SFTP rather than FTP, AWS will kick back FTP.), and NO PASSWORD.

    Step 8: Click Quickconnect.

    Step 9: You are done!

    I can connect successfully, but then I get an error "Failed to retrieve directory listing". This is the output on the FileZilla client (DNS/IP edited for security reasons):

    Status: Resolving address of myAWSDNS.us-west-2.compute.amazonaws.com
    Status: Connecting to xx.xx.xxx.xxx:21...
    Status: Connection established, waiting for welcome message...
    Response:   220-FileZilla Server version 0.9.41 beta
    Response:   220-written by Tim Kosse ([email protected])
    Response:   220 Please visit http://sourceforge.net/projects/filezilla/
    Command:    USER Administrator
    Response:   331 Password required for administrator
    Command:    PASS ***********
    Response:   230 Logged on
    Status: Connected
    Status: Retrieving directory listing...
    Command:    PWD
    Response:   257 "/" is current directory.
    Command:    TYPE I
    Response:   200 Type set to I
    Command:    PASV
    Response:   227 Entering Passive Mode (172,31,34,244,202,201)
    Status: Server sent passive reply with unroutable address. Using server address instead.
    Command:    MLSD
    Response:   425 Can't open data connection.
    Error:  Failed to retrieve directory listing
    

    And this is the output on the FileZilla Server:

    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> Connected, sending welcome message...
    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 220-FileZilla Server version 0.9.41 beta
    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 220-written by Tim Kosse ([email protected])
    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 220 Please visit http://sourceforge.net/projects/filezilla/
    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> USER Administrator
    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> 331 Password required for administrator
    (000004)9/14/2014 9:02:44 AM - (not logged in) (31.16.50.63)> PASS ***********
    (000004)9/14/2014 9:02:44 AM - administrator (31.16.50.63)> 230 Logged on
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> PWD
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 257 "/" is current directory.
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> TYPE I
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 200 Type set to I
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> PASV
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> 227 Entering Passive Mode (172,31,34,244,202,205)
    (000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> MLSD
    (000004)9/14/2014 9:02:55 AM - administrator (31.16.50.63)> 425 Can't open data connection.
    

    I have opened ports 21, 22 and 14147 on both the EC2 Instance's Firewall as well as the Instance's Security Group Settings to traffic from all IPs.

    Does anyone have any idea what I can change to get this to work?

    Thanks,

    Chris

  • user2606742
    user2606742 over 9 years
    Thanks, I looked at your link and configured the settings accordingly, and it worked! Thanks Martin
  • manatttta
    manatttta almost 8 years
    Could you please explain the statement "Where 202*256+201 = port 51913"? Thank you :)
  • Martin Prikryl
    Martin Prikryl almost 8 years
    @manatttta The port number is expressed using two bytes. To get the number, you shift the first byte left by 8 bits, which is equivalent to multiplying by 256 (=2^8), and add the second byte.
  • manatttta
    manatttta almost 8 years
    @MartinPrikryl OK, thank you! :) So then what does the string (172,31,34,244,202,205) mean?
  • Martin Prikryl
    Martin Prikryl almost 8 years
    IP 172.31.34.244, port 51917 (=202*256+205)
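
The check described in the answer and comments above, as an added example that is not part of the original thread: it decodes the `227` reply from either log format and reports whether the advertised address and data port are reachable through the ports that were opened. The function names and the control-connection address `203.0.113.10` (standing in for the redacted public IP) are assumptions made for illustration.

```python
import ipaddress
import re

# A 227 reply carries six decimal bytes: h1,h2,h3,h4 (IPv4) and p1,p2 (port).
PASV_RE = re.compile(r"\b227\b[^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(line):
    """Return (ip, port) from a client or server log line, or None if no 227 reply."""
    m = PASV_RE.search(line)
    if m is None:
        return None
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field outside 0-255 in: " + line)
    ip = ".".join(str(f) for f in fields[:4])
    port = (fields[4] << 8) | fields[5]  # same as p1*256 + p2
    return ip, port


def diagnose(line, control_ip, open_ranges):
    """List what stops a remote client from opening the advertised data channel."""
    parsed = parse_pasv(line)
    if parsed is None:
        return []
    ip, port = parsed
    findings = []
    if ip != control_ip and ipaddress.ip_address(ip).is_private:
        findings.append("unroutable address %s advertised" % ip)
    if not any(lo <= port <= hi for lo, hi in open_ranges):
        findings.append("data port %d not opened" % port)
    return findings


# Log lines copied from the question above.
CLIENT_LINE = "Response:   227 Entering Passive Mode (172,31,34,244,202,201)"
SERVER_LINE = ("(000004)9/14/2014 9:02:45 AM - administrator (31.16.50.63)> "
               "227 Entering Passive Mode (172,31,34,244,202,205)")
OPENED = [(21, 21), (22, 22), (14147, 14147)]  # ports the asker says are open
CONTROL_IP = "203.0.113.10"  # constructed placeholder for the redacted public IP

if __name__ == "__main__":
    for line in (CLIENT_LINE, SERVER_LINE):
        print(parse_pasv(line), diagnose(line, CONTROL_IP, OPENED))
```

An empty findings list for every `227` line means the server's passive port range and external address match what the firewall exposes.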