I have a VM-1 on Azure with windows server 2012. I have installed FTP server in this. (FileZilla)
Another VM-2 in different cloud, where a windows service will access a FTP server in VM-1.
Both VMs are in different cloud. In FTP , while listing directories I am getting '425 Cant open data connection for dir listing'
I am using active mode in FTP.
But If I install the windows service in local machine, it is running correctly without any issue in FTP.
I'll answer though this isn't a programming question, because I can help. :)
When a virtual machine is created, a default ACL is put in place to block all incoming traffic other than for RDP and Remote PowerShell connections.
http://azure.microsoft.com/blog/2014/03/28/network-isolation-options-for-machines-in-windows-azure-virtual-networks/
You need inbound ports other than 21 for active connections, typically high ports above 1024, if you have port 21 open inbound already then you should use passive (pasv) mode to let the server open a random outbound port first to solve the issue of needing an ACL for other inbound ports.
More info on Active vs Passive and ports: http://slacksite.com/other/ftp.html
Related
I am trying to connect to a FTP server hosted on azure VM using IIS I can connect but I keep getting the following error:
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Could you disable the firewall and try FTP to a different server?
Do you have an NSG (Network Security Group) associated with your VM ?, If yes then you'll need to open port 21/990 to access your FTP Server
Use Azure Powershell to setup the ports and check for the status.
Azure now have an FTP VM in the marketplace that fully setups FileZilla FTP Server https://azuremarketplace.microsoft.com/en-gb/marketplace/apps/cloud-infrastructure-services.filezilla-ftp-server
Setup instructions: https://cloudinfrastructureservices.co.uk/install-filezilla-secure-ftp-server-on-azure-server-2016/
You need to add an additional port range, which the ftp server will choose from for each ftp connection.
While the Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535, when IIS FTP server is installed, the rules are not enabled initially.
To enable or change the rules, go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and locate three "FTP server" rules. If the rules are not enabled, click on Actions > Enable Rule.
https://winscp.net/eng/docs/guide_windows_ftps_server
Refer to the suggestion mentioned here: Cannot list directory on IIS FTP server on Azure, even after configuring Azure inbound rules and Windows firewall
Additional information: https://serverfault.com/questions/279286/how-to-resolve-ftp-error-failed-to-retrieve-directory-listing-for-administrato
If you are using passive mode the server opens a random unprivileged port above 1023. Therefore in order to work you would need to open up a range of ports in Azure. If you need this to work in passive mode your best bet is to use an FTP server where you can configure the passive mode port range, and then create the corresponding inbound port range rule in Azure (and in the OS). If you have any alternatives I wouldn't do it, since the fewer ports you expose the better.
I've setup an Ubuntu Server on Azure. On this server, an application is running on port 3000. I want to access this application external. Azure tells me my server has public ip 40.68.XXX.XXX.
When I ping this IP, there is no response, despite ssh works when connecting to this IP-address.
I want to access 40.68.XXX.XXX:3000 external, does somebody know how to get this work?
Yes, you need to open up a port on the Network Security Group (NSG) and open up the port on your firewall (on the VM itself).
Easiest way to open the port is using the portal:
https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal
We have recently moved our server onto Azure. It runs our point-of-sale system and uploads a few files via FTP to our webserver which then gets parsed and products are created.
The point of sale software developers have a bunch of batch files that run FTP.exe which unfortunately doesn't support passive file transfers(regardless of what you read - quote pasv & literal pasv don't work). So we are stuck using active transfers, unfortunately this doesn't suit Azure very well.
The server is using ports 10090 - 10100 for active connections (I have created a rule in the NSG to allow 10090-10100 in) but unfortunately this isn't working at all.
I'm in the process of trying to convince the developers to rewrite using WinSCP so that we can just use passive transfers, but otherwise I've been searching for another solution, and so far nothing has worked.
I know it's not an issue in the OS as I've turned off Windows Firewall & still no luck.
Any help or suggestions with this problem is greatly appreciated.!
The server is using ports 10090 - 10100 for active connections (I have
created a rule in the NSG to allow 10090-10100 in) but unfortunately
this isn't working at all.
This is a by design behavior, because the VM's NSG inbount rules have no entries about the random unprivileged ports.
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
Here is the connection appears as follows:
For test, I had create 2 VMs (turn off windows firewall) in the same Vnet, and setup FTP on VM1, then use VM2 (disable use passive FTP) to access FTP, it works. Because VM1 and VM2 can connect with each other, and in the same Vnet the NSG does't work for internal network traffic.
So, in this case, active FTP isn't working because the server can't initiate a connection to the client. Maybe the most secure method is passive mode FTP.
I have a Windows Server 2012 virtual machine provisioned on Azure. I installed Neo4j server on this virtual machine and I'm accessing the Neo4j browser on localhost:7474.
However I cannot access the browser outside using my virtual machine's public IP e.g <machineIP:7474>
Here's what I have done so far:
In the Azure portal, I added inbound rules for the NSG to allow http and https ports 80 and 443 (I have done the same on a Linux virtual machine also hosted in Azure and I can access the browser just fine)
I also added an inbound rule in Windows Firewall to allow Port 80 and 443 as well
What possibly blocks me from accessing the virtual machine's IP from the outside?
You have to add TCP port 7474 to the firewall in the Azure portal:
change your neo4j-server.properties
set
org.neo4j.server.webserver.address=0.0.0.0
To remotely access Neo4j installed on a Windows VM in Azure, these are the changes you'll need to make:
In the Azure portal, add TCP port 7474 to the Endpoints of your Windows VM
On your Windows VM, in the Windows Firewall Advances Security, add a new Inbound Rule for port 7474
Change the conf/neo4j.conf and uncomment this line:
org.neo4j.server.webserver.address=0.0.0.0
Note: In case you also want full access to Neo4j's browse interface including Bolt, then also add port 7687 both in the Azure Endpoints and the Windows Firewall.
I installed TFS on windows azure VM, this VM has public ip:42.134.156.116 for example,i find it is with the port 63630 indeed when i remote this VM with using a downloaded .RDP file.
In visual studio on my local machine, i can not connect to this tfs via its public IP.
I think this maybe a port or firewall issue,but not exactly. because vm has the port 63630 and tfs defualt port is 8080, in addition:the inbound rule of port 8080 has the Profiles "private" and "public", ,
any help?
In Azure go to the VM and click on the endpoints and enable 8080 for your TFS.
Azure also has firewall rules as well as your local VM. The VM as you mentioned looks to have 8080 inbound open.
Regarding your local VM firewall, whether it is public or private depends on what type of network you assigned to your local VM network.
Then try to telnet from your local machine to your VM to confirm the port is open.
Then if that works you should be able to connect. If you can't after that point, it is a TFS or VS Configuration issue.
If you are having troubles, I normally find it good to disable ALL firewalls, get a good connection, then switch them on one by one until you find out which one is causing the issue.