Sunday, September 1, 2024

Setting Up a Basic FTP Server and Troubleshooting Connectivity Issues

 




Introduction

This post shows how to set up an FTP server on an Ubuntu EC2 instance. We will then replicate a connectivity problem, analyze the situation, and take steps to resolve it. The guide is aimed at readers with a background in AWS and basic Linux knowledge.


FTP servers are used to transfer files between different environments. It is crucial to configure them properly, maintain the configuration, and keep them up and running for smooth operation and productivity.


1. Setting Up the EC2 Instance and FTP Server

1.1 Launching an EC2 Instance

For this example, we will use an AWS EC2 instance that runs on the Ubuntu operating system.

  1. Log in to your AWS Management Console.

  2. Navigate to EC2:

    • Click on Instances on the left sidebar.
    • Click Launch Instance.
  3. Select an Ubuntu AMI:

    • We use Ubuntu Server 20.04 LTS here (you can choose another version if preferred).



  4. Choose an Instance Type:

    • Select t2.micro (eligible for the free tier).


  5. Configure Security Group:

    • Add inbound rules for:
      • Port 22 (SSH): For connecting to the server.
      • Port 21 (FTP): For FTP access.


    Note: In this example, we've opened the port to any IP address from the outside. This is not recommended for a production environment. Adjust the settings accordingly if you're using this setup in a production environment.

  6. Review and Launch:

    • Choose a key pair to connect to your instance, then click Launch.


1.2 Connecting to the EC2 Instance

Once the instance is running, connect to it using SSH:



Get the instance's public IPv4 address, then run:



ssh -i /path/to/your-key.pem ubuntu@<EC2-Public-IP>

1.3 Installing and Configuring the FTP Server

  1. Update the package list:
sudo apt-get update
  2. Install vsftpd:
sudo apt-get install vsftpd -y
  3. Back up the original configuration file:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
  4. Edit the vsftpd configuration:
sudo nano /etc/vsftpd.conf


  • Update the configuration with these settings:

    Note: This configuration only sets up a basic FTP server for troubleshooting purposes; setting up an FTP server correctly might need some additional configuration steps.

listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
  5. Restart the vsftpd service:
sudo systemctl restart vsftpd
  6. Enable the service to start on boot:
sudo systemctl enable vsftpd

2. Replicating the FTP Access Issue

2.1 Blocking FTP Port

  1. Install ufw (if not already installed):
sudo apt-get install ufw -y
  2. Block port 21:
sudo ufw deny 21/tcp
sudo ufw reload
  3. Check the ufw status:
sudo ufw status


  4. Enable ufw if it is inactive, then check the status again:
sudo ufw enable

2.2 Attempting to Access the FTP Server

  1. Test the FTP connection:
telnet <EC2-Public-IP> 21


3. Diagnosing and Troubleshooting the Issue

3.1 Checking FTP Service Status

  1. Check the status of vsftpd:
sudo systemctl status vsftpd


  2. Check whether the port is listening on your server:
sudo netstat -tuln | grep :21
  3. Check ufw status:
sudo ufw status


3.2 Inspecting AWS Security Group Configuration

  1. Verify security group settings in the AWS Management Console:

    • Go to EC2 > Security Groups.
    • Ensure inbound rules include port 21
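
The checks in sections 3.1 and 3.2 can be read as one decision: service, then listener, then ufw, then security group. The script below is an added example, not part of the original post; the function name `diagnose_ftp`, its result strings and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): name the layer that blocks FTP,
# given the output of the three host checks in section 3.1.
#   $1: systemctl is-active vsftpd   $2: netstat -tuln   $3: ufw status
diagnose_ftp() {
    if [ "$1" != "active" ]; then
        echo "service-down"; return 0
    fi
    # A TCP socket in LISTEN state whose local address ends in :21 must exist.
    if ! printf '%s\n' "$2" |
        awk '$1 ~ /^tcp/ && $4 ~ /:21$/ && $6 == "LISTEN" { ok = 1 } END { exit !ok }'
    then
        echo "not-listening"; return 0
    fi
    if printf '%s\n' "$3" | grep -q '^Status: active'; then
        # First IPv4 rule for port 21; "(v6)" rows are skipped (listen_ipv6=NO).
        action=$(printf '%s\n' "$3" |
            awk '($1 == "21/tcp" || $1 == "21") && $2 != "(v6)" { print $2; exit }')
        case "$action" in
            ALLOW|LIMIT) ;;
            DENY|REJECT) echo "blocked-by-ufw"; return 0 ;;
            *) echo "no-ufw-rule"; return 0 ;;   # ufw default policy decides
        esac
    fi
    # Nothing on the host explains the failure: look at the security group.
    echo "check-security-group"
}

# Constructed sample output, shaped like the real commands' output.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

SAMPLE_UFW_DENY='Status: active

To                         Action      From
--                         ------      ----
21/tcp                     DENY        Anywhere
21/tcp (v6)                DENY        Anywhere (v6)'

# The situation replicated in section 2: service fine, firewall denies.
diagnose_ftp active "$SAMPLE_NETSTAT" "$SAMPLE_UFW_DENY"
```

With ufw active and no rule for a port, ufw's default incoming policy (deny unless changed) decides, which is why port 22 needs an allow rule before `sudo ufw enable` if you want to keep SSH access.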




4. Resolving the Issue and Implementing Preventive Measures

4.1 Unblocking Port 21

  1. Allow FTP traffic through ufw:
sudo ufw allow 21/tcp
sudo ufw reload



4.2 Testing FTP Access

Test the FTP connection again:

telnet <EC2-Public-IP> 21

4.4 Implementing Monitoring and Alerts

If you need to proactively detect this kind of issue, you can implement a monitoring and alerting mechanism for your FTP server using tools like AWS CloudWatch or Datadog to ensure continuous availability and quick issue resolution.


AWS CloudWatch: Although CloudWatch does not directly provide a way to check the status of a port, you can create custom metrics to monitor specific aspects of your server, such as the FTP port's availability, and then set up an alert to notify you when the port is not accessible. You can also integrate other services, such as SSM Agent with Lambda, to build a solution that monitors the health of a port.
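
One way to feed such a custom metric, as an added example that is not part of the original post: the script checks for the FTP greeting on port 21 and publishes 1 or 0 with the AWS CLI. The namespace `Custom/FTP`, the metric name `FtpPortAvailable`, the `Host` dimension and the function names are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): probe the FTP control port and
# publish the result as a CloudWatch custom metric.
NAMESPACE="Custom/FTP"         # assumed namespace, pick your own
METRIC="FtpPortAvailable"      # assumed metric name, pick your own

# Map the first line the server sends to a metric value.
banner_to_value() {
    case "$1" in
        220*) echo 1 ;;   # FTP "service ready" greeting
        *)    echo 0 ;;   # refused, timed out, or not an FTP server
    esac
}

# Connect to $1:$2 and read the greeting; bash is used for /dev/tcp.
probe_ftp() {
    banner=$(timeout 5 bash -c \
        'exec 3<>"/dev/tcp/$1/$2" && IFS= read -r -t 3 line <&3 && printf "%s" "$line"' \
        _ "$1" "$2" 2>/dev/null) || banner=""
    banner_to_value "$banner"
}

# Publish one data point (needs AWS CLI credentials with cloudwatch:PutMetricData).
publish() {
    aws cloudwatch put-metric-data --namespace "$NAMESPACE" \
        --metric-name "$METRIC" --dimensions "Host=$1" --value "$2" --unit Count
}

# Usage from cron: ftp-probe.sh --publish <EC2-Public-IP> [port]
if [ "${1:-}" = "--publish" ]; then
    publish "$2" "$(probe_ftp "$2" "${3:-21}")"
fi
```

Run the probe from a host other than the FTP server so it crosses ufw and the security group like a real client, and configure the alarm to treat missing data as breaching so a dead probe also alerts.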


Datadog: The Datadog monitoring platform, on the other hand, offers a wide range of monitoring solutions with built-in support for checking server metrics such as port availability. You can set up checks for your FTP server and configure alerts and dashboards to notify your team when issues occur.


Both are powerful tools for monitoring your infrastructure, and the best choice depends on your infrastructure and monitoring needs. Implementing either one will ensure proactive monitoring and keep your FTP service accessible and functional.


I hope you have enjoyed this article. Please comment and share if you would like to add something to it.
