How to use specific IP with vsftpd?

Add to your vsftpd config (/etc/vsftpd.conf):

pasv_enable=YES
port_enable=YES
pasv_min_port=<port-start>
pasv_max_port=<port-end>
pasv_address=<your-machine-ip>
pasv_addr_resolve=NO

In the security config of your instance open port 20-21 for FTP, also enable passive ports to the range you specified above (pasv_min/max_port, eg: 64000-64100).

Restart vsftpd.

if that doesn't work you can try to replace the last two lines with:

pasv_address=<public-address>
pasv_addr_resolve=YES

This is my understanding of your scenario:

• You have Machine A in Your Network with an FTP Server and an FTP Client;
• You want to pull files from Machine B that is in Client's Network;
• There is a firewall in Your Network and possibly in Client's Network;
• You will use FTP client to push and pull files from Machine B.

FTP works in two modes:

- Active Mode -

In active mode FTP, the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port (...)

Example:

1. FTP client in machine "A" connects to FTP server in machine "B" on port 21;
2. Machine "A" sends "ls" to machine "B", but because it is Active Mode, the result of "ls" will be delivered to port N+1 (N>1023) of machine "A";
3. This fails because FTP client in machine "A" asks machine "B" to connect to a private IP. Even if the IP is public, the ports N+1 must be open in the firewall.

- Passive Mode -

In passive mode FTP, the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends P back to the client in response to the PASV command. The client then initiates the connection from port N+1 to port P on the server to transfer data. (...)

Example:

1. FTP client in machine "A" connects to FTP server in machine "B" on port 21;
2. Machine "A" sends "ls" to machine "B";
3. This time, the result will not be delivered to port N+1 of machine "A". Instead, machine "B" informs machine "A" that the result is waiting to be fetched in a given IP and port of machine "B".
4. This fails when this IP is private and port is not open in client's firewall. That is why the client must configure his FTP server to use a public IP and a known port (see Cubiq's answer).

These are the solutions you have:

1. Using Active Mode (considering that machine "A" has IP 175.41.135.142): Right after connection and authentication, issue this command: PORT 175,41,135,142,14,178 You will need to open port 3762 in you firewall. The ,14,178 comes from the convertion of octets to decimal ((14*256) + 178).
2. Using Passive Mode: For this method to work, the client must have a configuration like Cubiq's answer. Right after the connection and authentication, issue this command: passive

Now you should be able to "ls".

You can read more about how FTP works here: http://slacksite.com/other/ftp.html

This page is also good to understand the FTP modes: http://www.deskshare.com/resources/articles/ftp-how-to.aspx

• I received the same message when I used File Zilla. I'm using Azure VM; Ubuntu v20
• I enabled VSFTPD; default settings (disabled anon)
• I created a new user
• I tested my connection using DOS - it worked in DOS. But it doesn't work in my FILE Zilla.
• I changed my FILEZilla/Edit/Settings/FTP/PassiveMode/ to 'Fallback to Active Mode' - It Worked for me.

refs: https://ubuntu.com/server/docs/service-ftp, https://ubuntu.com/server/docs/security-users