![[Compatible with over 200 countries] Global eSIM “Beyond SIM”](https://beyondjapan.com/cms/wp-content/uploads/2024/05/beyond_esim_blog_slider1-768x345.jpg)
![[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”](https://beyondjapan.com/cms/wp-content/uploads/2024/05/china-sim_blogbanner-768x345.jpg)
![[Global exclusive service] Beyond's MSP in North America and China](https://beyondjapan.com/cms/wp-content/uploads/2024/06/gloval_surport_blog_slider-768x345.jpg)
![[YouTube] Beyond official channel “Biyomaru Channel”](https://beyondjapan.com/cms/wp-content/uploads/2021/07/バナー1-768x339.jpg)
![[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!](https://beyondjapan.com/cms/wp-content/uploads/2022/12/recruit_blog_banner-768x344.jpg)
[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!
![[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services](https://beyondjapan.com/cms/wp-content/uploads/2021/03/AWS_構築・運用保守-768x344.png)
[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services
![[Successor to CentOS] AlmaLinux OS server construction/migration service](https://beyondjapan.com/cms/wp-content/uploads/2023/08/almalinux_blogbanner-768x344.png)
[Successor to CentOS] AlmaLinux OS server construction/migration service
![[For WordPress only] Cloud server “Web Speed”](https://beyondjapan.com/cms/wp-content/uploads/2022/11/webspeed_blog_banner-768x344.png)
[For WordPress only] Cloud server “Web Speed”
![[Cheap] Website security automatic diagnosis “Quick Scanner”](https://beyondjapan.com/cms/wp-content/uploads/2023/04/quick_eyecatch_blogbanner-768x345.jpg)
![[Reservation system development] EDISONE customization development service](https://beyondjapan.com/cms/wp-content/uploads/2023/06/edisone_blog_banner-768x345.jpg)
![[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”](https://beyondjapan.com/cms/wp-content/uploads/2021/03/Appmill_ブログバナー-768x344.png)
Points that stuck when using passive with FTP in ec2
This is Ito from the infrastructure team.
When I had the opportunity to use FTP (vsftpd) passively on an ec2 instance, I had trouble establishing FTP communication, so
I would like to introduce some points to keep in mind.
vsftpd was an abbreviation for Very Secure FTP Daemon.
Not just security groups
I think most people use security groups to control the ec2 firewall.
The process is to use a security group to allow only IP addresses that use FTP.
Also, when using passive with FTP, you also need to open the passive port in the security group.
Like this
And I will also set it on the vsftpd side.
This is the setting of the port used passively.
1 | # vim /etc/vsftpd/vsftpd.conf pasv_enable=YES pasv_min_port=60000 pasv_max_port=60030 |
However, this alone is not enough to connect. . .
Communication when vsftpd is passive in ec2
ec2 basically doesn't know about public IPs.
When I run ifconfig, only the local IP is returned.
This means that passive communication is performed using the local IP of the ec2 instance.
The FTP connection will fail, saying something like ` `FTP communication is possible, but passive communication is not possible, so I can't list the directory.''
To resolve this, you can set the IP address for passive communication to vsftpd.
It's like this.
1 | # vim /etc/vsftpd/vsftpd.conf pasv_address=<public IP> |
FTP is fine! !
2
Loading...2 
![[2026.6.30 Amazon Linux 2 end of support] Amazon Linux server migration solution](https://beyondjapan.com/cms/wp-content/uploads/2025/01/amazon-linux-migration_eyecatch_2026.jpg)
[2026.6.30 Amazon Linux 2 end of support] Amazon Linux server migration solution
The person who wrote this article
About the author
