google-compute-engine proftpd

Setting up Proftpd with Google Compute Engine Using Passive Ports?


So I am a little confused. We have a bunch of soil moisture stations that submit data to our server via ftp. We cannot change this to sftp or ftps; good old plain ftp :/

I have set up a fresh install of Ubuntu 18.04. I have also installed proftpd and I can successfully connect to the server via FileZilla under both passive and active modes. I have enabled port 21 and a range for passive ports (49152-65534) that are set in the config of proftpd, as well as enabling these in Google VPC Firewall rules.

All seems well... except when a station attempts to connect to the server. I get the note stating that a station has connected, but then it fails when attempting to run in passive mode. The fail note is 'Hostname was not found'.

I have tried turning off UseReverseDNS but this seems to do nothing whatsoever.

I should also note that we have Proftpd set up and working on an older VPS setup outside of GCP. That is working with no issues, with the same config.

Here is the full log from the station that is attempting to connect:

    Re-using existing connection! (#0) with host xx.xx.xx.xx
    Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 21 (#0)
    Request has same path as previous transfer
    PASV^M
    Connect data stream passively
    ftp_perform ends with SECONDARY: 0
    227 Entering Passive Mode (10,152,0,20,232,150).^M
    Hostname was NOT found in DNS cache
      Trying 10.152.0.20...
    Connecting to 10.152.0.20 (xx.xx.xx.xx) port 59542

And then the logs from the server running proftpd:

    [05/Jun/2019:06:07:17 +0000] "PASS (hidden)" 230 -
    [05/Jun/2019:06:07:17 +0000] "PWD" 257 -
    [05/Jun/2019:06:07:17 +0000] "CWD incoming" 250 -
    [05/Jun/2019:06:07:17 +0000] "PASV" 227 -

You can see that it is connecting and able to change into the correct directory, but that is when it fails.

Has anyone come across this or something similar to this before? I am wondering if it has to do with the way Google sets the hostname.

Edit: Note re other vps, port ranges


Solution

  • Ok so to answer this question if anyone does come across it.

    In proftpd.conf I uncommented MasqueradeAddress and set the IP address to match the server's static IP address; i.e. MasqueradeAddress xx.xx.xx.xx where xx.xx.xx.xx is the static IP of the given server.

    I also created my own config and placed this in conf.d with the following:

    UseReverseDNS off
    IdentLookups off
    

    Without disabling the UseReverseDNS and IdentLookups the connection was timing out and the stations were not able to upload.

    More information if you are interested
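
The station log in the question shows what MasqueradeAddress changes: the 227 reply advertised the private address 10.152.0.20 instead of the server's static IP. The following check is an added example, not code from the original post; it decodes a 227 reply and flags that condition. The function names are hypothetical and 203.0.113.10 is a constructed stand-in for the redacted xx.xx.xx.xx address.

```python
import ipaddress
import re

# Passive range from the question (49152-65534), as opened in the VPC firewall.
PASSIVE_PORTS = range(49152, 65535)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Decode a 227 reply into (IPv4Address, port); port = p1 * 256 + p2."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_pasv(reply, control_ip):
    """Return (host, port, findings) for a reply seen on a control connection."""
    host, port = parse_pasv(reply)
    findings = []
    if any(host in net for net in RFC1918):
        # Unreachable from the internet: the server needs MasqueradeAddress.
        findings.append("rfc1918-address")
    if host != ipaddress.IPv4Address(control_ip):
        # Data channel is advertised on a different host than the control channel.
        findings.append("address-mismatch")
    if port not in PASSIVE_PORTS:
        # Port would be dropped by a firewall that only allows the passive range.
        findings.append("port-outside-range")
    return host, port, findings


if __name__ == "__main__":
    # 227 line taken from the station log; control address is constructed.
    before = "227 Entering Passive Mode (10,152,0,20,232,150).\r\n"
    # Constructed reply showing the same port after MasqueradeAddress is set.
    after = "227 Entering Passive Mode (203,0,113,10,232,150).\r\n"
    for line in (before, after):
        print(check_pasv(line, "203.0.113.10"))
```
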