Deploying the FTP Service on Azure

Source: Internet
Author: User

FTP is a relatively complicated protocol: it is divided into a control layer and a data layer, and it can work in either active mode or passive mode.

In the default active mode, it works as follows:

The client initiates the control connection to the FTP server on TCP port 21. After the user has passed authentication on the control connection, the client notifies the server of the random TCP port it has opened. The server then actively initiates the data connection from its TCP port 20 to that random port on the client.

In general, both the FTP server and the client sit behind firewalls. The server-side firewall must be explicitly configured with the ports on which the server provides services, while the client-side firewall only lets through TCP connections that the client itself initiates.

Because the active-mode data connection is initiated by the server, a firewall in front of the FTP client interrupts it. The FTP login succeeds, but no data can be transferred.

The passive mode works as follows:

To solve the problem of FTP not working properly behind a firewall, FTP's passive mode can be used. Its control plane process is similar to active mode, but after user authentication, when the client enters PASV mode, the server picks a TCP port at random from a preconfigured range as the data port, opens it, waits for the data connection, and sends the port information to the client. The client then initiates the data connection to that port. When the FTP server's data comes back to the client, the firewall in front of the client sees that it belongs to a client-initiated TCP connection, so the data passes through the firewall and the transfer succeeds.

Therefore, so that all clients can reach it, an FTP server generally supports both active mode and passive mode.

In an Azure environment, the VM's endpoint acts as the firewall in front of the FTP server, so every control plane and data plane port that may be used must be opened on the endpoint: TCP 21 (control plane port), TCP 20 (active mode data port), and the TCP ports used as data ports in passive mode.

In addition, the VM's own firewall must be set up to open the same ports.

The following deploys the FTP service on Azure, using vsftpd as the example.

There are three parts: 1. install vsftpd, 2. configure the VM's endpoint, 3. configure the VM's firewall. After that, the service can be tested.

1. Installing vsftpd

yum install -y vsftpd

Edit the vsftpd configuration file:

vim /etc/vsftpd/vsftpd.conf

Add the following content:

pasv_enable=YES

pasv_min_port=1120

pasv_max_port=1121

These three lines turn on passive mode and restrict its data ports to the range 1120-1121.

Save the file, then start the vsftpd service.

2. Configuring the VM's Endpoint

On the endpoint, open the FTP control plane port 21, the FTP active mode data port 20, and the FTP passive mode data ports 1120 and 1121 (the range set in the configuration file).

3. Configuring the VM's Firewall

To simplify configuration, turn off iptables:

iptables -F

service iptables save
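Flushing the chain removes every filtering rule on the VM, not only the ones that block FTP. As an added example (not part of the original article), the shell functions below read the passive range from vsftpd.conf and print rules that open only TCP 21, TCP 20 and that range. The names conf_get and ftp_rules are hypothetical, and the rules assume the existing rule set already accepts ESTABLISHED traffic.

```shell
#!/bin/sh
# Added example: print narrow iptables rules for the FTP ports used in this
# article instead of flushing the whole rule set. Nothing is applied here.

# Read one key=value setting from a vsftpd-style config file.
# $1 = file, $2 = key. Commented lines do not match; the last match is used.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# Print one "iptables -I INPUT" command per port (or port range) to allow.
# $1 = path to vsftpd.conf. Returns 1 if no usable passive range is set.
ftp_rules() {
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    for v in "$min" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "passive range missing or not numeric" >&2
                         return 1 ;;
        esac
    done
    # 0 means "any port" to vsftpd, which cannot be written as a narrow rule.
    if [ "$min" -lt 1 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "unusable passive range $min-$max" >&2
        return 1
    fi
    # 21 = control, 20 = active-mode data, min:max = passive-mode data.
    for ports in 21 20 "$min:$max"; do
        echo "iptables -I INPUT -p tcp --dport $ports -m state --state NEW -j ACCEPT"
    done
}

# Usage (review the printed commands before running them as root):
#   ftp_rules /etc/vsftpd/vsftpd.conf
```

After applying the printed rules, service iptables save persists them in the same way as above.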

This is the end of the configuration. Test:

C:\users\hengz>ftp hwcentos65.chinacloudapp.cn

Connected to hwcentos65.chinacloudapp.cn.

(vsFTPd 2.2.2)

All in UTF8 mode.

User (hwcentos65.chinacloudapp.cn: (None)): Anonymous

331 Specify the password.

Password:

Successful Login.

ftp> ls

PORT command successful. Consider using PASV.

Here comes the directory listing.

Pub

226 Directory send OK.

Ftp:8 bytes received in 0.01Seconds 0.67kbytes/sec.

The directory listing is displayed successfully.
