Open Active FTP Connection From Azure VM

Question

I'm attempting to connect to a remote FTP server with an Active connection from an Azure VM. The error I'm getting is

Illegal PORT command.

I have no issues connecting to other FTP sites using Passive connections, but this FTP server only supports Active. My question is basically the same as this question, except that my issue is NOT caused by the Windows Firewall. I verified this by turning the firewall off for a few seconds and re-attempting the connection, with no luck.

My theory is that this has something to do with the Azure "Endpoints", though I can't verify that and I don't know how I would set them up to allow this.

Any ideas?

Answer 1

Yes, that looks like a missing endpoint (+ inbound rule if you want to have firewall enabled). In active mode server is connecting back to the client on specific port (passed by the client, PORT command) - longer explanation

In order to use active mode on azure you have to:

1. Limit you FTP client to use specific port (or range) and public IP (it's on your VM's wallpaper) e.g. FileZilla: Every client should have this somewhere in options. Unless you are unlucky and using .NET Framework FTPWebRequest.

2. Add endpoint with the same port (or range) in Endpoint settings of your Azure VM: There is no way to add port range in one click you have to add every port one by one (quite annoying)

And that's it. You can run FileZilla "Network connection wizard" to verify those settings and you should see something like this:

Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.9.0.6
Response: 230 logged on.
Checking for correct external IP address
IP 23.102.xx.xxx cd-bac-dd-bcg
Response: 200 OK
PREP 6000
Response: 200 Using port 6000, data token 1941533557
PORT 23,102,xx,xxx,23,112
Response: 200 PORT command successful
LIST
Response: 150 opening data connection
Response: 200 Successful
QUIT
Response: 200 goodbye!