I need some help setting up FTP on my Azure VM instance.
The VM is Windows Server 2012 R2. I have set up the Web Server Role and created an FTP site in IIS. I have confirmed that I can access the FTP server with
ftp command: open localhost
I have also configured an FTP end point for the VM on the Azure Portal configured for the standard port 21.
Lastly, I have created a firewall rule to allow all traffic in/out of port 21.
Now when I try to FTP to it from my home machine I can see the server public DNS name is resolving to the proper IP and port but no connection can be made.
Am I missing a configuration step somewhere?
Thanks
There's a great walkthrough from July 2012 'Hosting FTP on IIS 7.5 in a Windows Azure VM' by Ronald Wildenberg about this. He echoes David's answer. These are the stages he goes through:
- First of all, you need a virtual machine. I needed a Windows machine with a SQL Server database so I chose 'Microsoft SQL Server 2012 Evaluation Edition' from the available templates.
- Once the machine has booted, you can RDP into it via the connect option at the bottom of the management portal.
- When you're in, you need to configure IIS. A summary of the required steps:
- Add the 'Web Server (IIS)' role to the server.
- Add the IIS features you need.
- Add a TCP endpoint to your VM in the management portal with public and private port 80.
- To enable FTP, make sure you enable the 'FTP Server' role services for your IIS role:
- The next step is to create the actual FTP site in IIS. Right-click on 'Sites' in IIS Manager and select 'Add FTP Site…'
- Specify the name and the local path for the site:
- Specify binding and SSL information:
- And finally specify who should have access to the FTP site.
- You should now be able to access the FTP site from within the VM. Open a command prompt, type
ftp 127.0.0.1
and login - For active FTP you need to allow access to ports 21 (FTP command port) and 20 (FTP data port) so you need to add two endpoints to your VM
- to configure passive FTP. For this to work, we need to tell the IIS FTP server the port range it can use for data connections and we need to add endpoints to the VM that correspond to this port range.
- configure the port range and external IP address for passive data connections. This can be found in IIS Manager
- The external IP address should be the Virtual IP address you can find in the Azure Management portal.
- If you cannot specify the data channel port range in the IIS Manager use the appcmd utility, which can be found in
%windir%\system32\inetsrv
: appcmd set config /section:system.ftpServer/firewallSupport /lowDataChannelPort:7000 /highDataChannelPort:7014
- You could specify all 15 new endpoints in the Azure portal but that would take ages so use the Windows Azure Powershell cmdlets.
- download the publish settings file. One way is to start Windows Azure Powershell and use the cmdlet 'Get-AzurePublishSettingsFile'. It opens a browser and allows you to download the publish settings file that corresponds to your Windows Live id.
- When you have downloaded the publish settings file, you can import it using the 'Import-AzurePublishSettingsFile' cmdlet and we’re ready to start adding endpoints.
- I simply created a text file containing the list of commands I wanted to run and copied that into the Powershell window:
Get-AzureVM -ServiceName 'myServiceName' -Name 'ftpportal' | Add-AzureEndpoint -Name 'FTPPassive00' -Protocol 'TCP' -LocalPort 7000 -PublicPort 7000 | Update-AzureVM
where 'myServiceName' is the name of my cloud service and 'ftpportal' is the name of my virtual machine. - Although the Windows firewall seems to allow all traffic that is required, you also need to enable stateful FTP filtering on the firewall:
netsh advfirewall set global StatefulFtp enable
- restart the FTP Windows service and we should be up and running:
net stop ftpsvc
net start ftpsvc
It's worth following these steps in the original article not least because he includes useful screenshots for each step, but I thought it was worth quoting extensively here just-in-case. The article also mentions Active FTP vs. Passive FTP, a Definitive Explanation as worth reading.
It would be great if I could report that after following these steps your Azure VM based FTP server will be working and accessible. But unfortunately the steps above did not fix it for me :-(
If you don't mind using FileZilla FTP Server,
Here is what i did, to enable FTP connection to my VM.
- Go to Azure VM (manage.windowsazure.com), and add 2 endpoints:
- Name: FTP (Protocol TCP, Public Port 21, Private Port 21)
- Name: FTP Passive (Protocol TCP, Public Port 60000, Private Port 60000)
- Go back to VM (via RDP), Open connection for port 21, and 60000 on Windows Firewall inbound rule.
- Download and open FileZilla Server.
- Click Edit -> Users and add user and shared directory as needed.
- Click Edit -> Settings. On the sidebar click Passive Mode Settings.
- Check "use custom port range" and enter 60000 - 60000
- On ip4specific part, select radio button "use the following ip", and enter your xxxx.cloudapp.net.
- Save, and run the server. That's it, you can now connect to FTP from outside of VM.
Hope it helps someone.
Cheers