How to set up FTP on Azure VM

StackOverflow https://stackoverflow.com/questions/18422391

Question

I need some help setting up FTP on my Azure VM instance.

The VM is Windows Server 2012 R2. I have set up the Web Server Role and created an FTP site in IIS. I have confirmed that I can access the FTP server with 

ftp command: open localhost

I have also configured an FTP end point for the VM on the Azure Portal configured for the standard port 21.

Lastly, I have created a firewall rule to allow all traffic in/out of port 21.

Now when I try to FTP to it from my home machine I can see the server public DNS name is resolving to the proper IP and port but no connection can be made.

Am I missing a configuration step somewhere?

Thanks

Was it helpful?

Solution

There's a great walkthrough from July 2012 'Hosting FTP on IIS 7.5 in a Windows Azure VM' by Ronald Wildenberg about this. He echoes David's answer. These are the stages he goes through:

  1. First of all, you need a virtual machine. I needed a Windows machine with a SQL Server database so I chose 'Microsoft SQL Server 2012 Evaluation Edition' from the available templates.
  2. Once the machine has booted, you can RDP into it via the connect option at the bottom of the management portal.
  3. When you're in, you need to configure IIS. A summary of the required steps:
    • Add the 'Web Server (IIS)' role to the server.
    • Add the IIS features you need.
    • Add a TCP endpoint to your VM in the management portal with public and private port 80.
  4. To enable FTP, make sure you enable the 'FTP Server' role services for your IIS role:
  5. The next step is to create the actual FTP site in IIS. Right-click on 'Sites' in IIS Manager and select 'Add FTP Site…'
  6. Specify the name and the local path for the site:
  7. Specify binding and SSL information:
  8. And finally specify who should have access to the FTP site.
  9. You should now be able to access the FTP site from within the VM. Open a command prompt, type ftp 127.0.0.1 and login
  10. For active FTP you need to allow access to ports 21 (FTP command port) and 20 (FTP data port) so you need to add two endpoints to your VM
  11. to configure passive FTP. For this to work, we need to tell the IIS FTP server the port range it can use for data connections and we need to add endpoints to the VM that correspond to this port range.
  12. configure the port range and external IP address for passive data connections. This can be found in IIS Manager
  13. The external IP address should be the Virtual IP address you can find in the Azure Management portal.
  14. If you cannot specify the data channel port range in the IIS Manager use the appcmd utility, which can be found in %windir%\system32\inetsrv: appcmd set config /section:system.ftpServer/firewallSupport /lowDataChannelPort:7000 /highDataChannelPort:7014
  15. You could specify all 15 new endpoints in the Azure portal but that would take ages so use the Windows Azure Powershell cmdlets.
  16. download the publish settings file. One way is to start Windows Azure Powershell and use the cmdlet 'Get-AzurePublishSettingsFile'. It opens a browser and allows you to download the publish settings file that corresponds to your Windows Live id.
  17. When you have downloaded the publish settings file, you can import it using the 'Import-AzurePublishSettingsFile' cmdlet and we’re ready to start adding endpoints.
  18. I simply created a text file containing the list of commands I wanted to run and copied that into the Powershell window: Get-AzureVM -ServiceName 'myServiceName' -Name 'ftpportal' | Add-AzureEndpoint -Name 'FTPPassive00' -Protocol 'TCP' -LocalPort 7000 -PublicPort 7000 | Update-AzureVM where 'myServiceName' is the name of my cloud service and 'ftpportal' is the name of my virtual machine.
  19. Although the Windows firewall seems to allow all traffic that is required, you also need to enable stateful FTP filtering on the firewall: netsh advfirewall set global StatefulFtp enable
  20. restart the FTP Windows service and we should be up and running:
    • net stop ftpsvc
    • net start ftpsvc

It's worth following these steps in the original article not least because he includes useful screenshots for each step, but I thought it was worth quoting extensively here just-in-case. The article also mentions Active FTP vs. Passive FTP, a Definitive Explanation as worth reading.

It would be great if I could report that after following these steps your Azure VM based FTP server will be working and accessible. But unfortunately the steps above did not fix it for me :-(

OTHER TIPS

If you don't mind using FileZilla FTP Server,

Here is what i did, to enable FTP connection to my VM.

  1. Go to Azure VM (manage.windowsazure.com), and add 2 endpoints:
    1. Name: FTP (Protocol TCP, Public Port 21, Private Port 21)
    2. Name: FTP Passive (Protocol TCP, Public Port 60000, Private Port 60000)
  2. Go back to VM (via RDP), Open connection for port 21, and 60000 on Windows Firewall inbound rule.
  3. Download and open FileZilla Server.
  4. Click Edit -> Users and add user and shared directory as needed.
  5. Click Edit -> Settings. On the sidebar click Passive Mode Settings.
  6. Check "use custom port range" and enter 60000 - 60000
  7. On ip4specific part, select radio button "use the following ip", and enter your xxxx.cloudapp.net.
  8. Save, and run the server. That's it, you can now connect to FTP from outside of VM.

Hope it helps someone.

Cheers

After straggling for a while with the 15-points list above, I got the message MS are trying to pass - "No (easy) FTP for you"...

So I went back to the good-old & open Linux world - set up an SCP server using Cygwin. You even get a remote shell as a bonus...

1) Run the Cygwin installer - https://cygwin.com/setup-x86.exe

2) In 'Select Packages' search for

  • cygrunsrv (select the one under 'Admin')
  • openssh (select the one under 'Net)

3) When done, start the Cygwin Terminal, and type:

  • ssh-host-config -y -pwd S0me-Str0ng-pa55w0rd

  • cygrunsrv -S sshd

4) From the Azure VM add an SSH endpoint

5) In Windows FireWall, add Inbound Rule for TCP port 22

And viola - you can connect using WinSCP, Notepad++ and Putty of course...

Notes:

  • Unix is case sensitive, so type your user in exact case, e.g. Administrator with capital A
  • Your drives are under /cygdrive (c:\ is at /cygdrive/c etc)

Good luck!

You need to add an additional port range, which the ftp server will choose from for each ftp connection.

You'll need to create a bunch of input endpoints, each representing one of the ports in the specified port range. Note that you have a limited number of input endpoints (not sure of the exact number, but you should easily be able to open, say, 50 input endpoints in contiguous ports). Then just set up the ftp server to use that same range. Also, you'll want to map the input endpoint public port to the same private port number, otherwise connections won't be created properly.

The link in dumbledad's answer is currently unavailable. I was still having issues getting passive FTP running on a new Azure VM after following the steps there.

After a bit of searching, I found this create article Passive FTP and dynamic ports. It's a great walkthrough and provides a simple script to run from your VM to get FTP up and running in a minute. If you are setting up multiple VMs the script is a much quicker way to setup FTP access rather than manually configure IIS and Azure endpoints.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top