Using Passive FTP on Amazon EC2

Installing proftpd on an amazon ec2 instance is not rocket since, but after installing you need to configure it to work correct.Because amazon ec2 instances use an internal IP address as their ethernet interface address, proftpd needs to be configured for passive FTP.

First, you need to apply for an Elastic IP address which you will allocate to your instance. This will be the IP address that will be show to the world.

Second step is to configure the firewall properly for that instance. Go to the “Security group” assigned to the instance and add the following rules:

* Connection Method: Custom
* Protocol: TCP
* From Port: 20
* To Port: 21
* Source (IP or group): (that is, if you want to permit to the whole internet to access your ftp server; if not, replace this with the IP address or class that you want to give access to your ftp server)

We need to add another rule for the passive ports that will be used by proftpd:

* Connection Method: Custom
* Protocol: TCP
* From Port: 49152
* To Port: 65535
* Source (IP or group):

Now, go to your machine end edit /etc/proftpd/proftpd.conf and add the following lines:

PassivePorts 49152 65535

MasqueradeAddress your_elastic_ip_address

Restart proftpd and enjoy:

/etc/init.d/proftpd restart

For Vsftpd configuration is slightly different. You need to edit vsftpd.conf and make sure that you add these lines:

pasv_address=elastic IP

Range 1024-1080 or whatever other range needs to be added in the Security group, same way we did for Proftpd. Then run: /etc/init.d/vsftpd restart

Getting Client.InvalidKeyPair.NotFound

When running the running ec2-run-instances command, I received the following error:

Client.InvalidKeyPair.NotFound: The key pair ‘.ssh/campusfork’ does not exist

Seems that the EC2_KEYPAIR_NAME system variable was set incorrectly. You can find the correct value using the ec2-describe-keypairs command. Here is an example of its use:

[amazon@shifu ~]$ ec2-describe-keypairs
KEYPAIR cf-host01-keypair01 34:ce:19:bb:48:d9:3a:6f:36:c1:04:f8:ae:d6:97:ba:ae:1f:81:a2
KEYPAIR campusfork 5f:ca:32:07:07:f3:15:ef:f9:a0:0c:64:b4:30:a2:be:67:a1:8a:75

So the correct value is campusfork not the filename.