I am hosting an FTP server basically vsftpd server in a Azure Kubernetes pod. I have exposed it using a Load balancer type service. I have also forwarded all the exposed ports to the service.I am still unable to connect to the server in passive mode.
I have enabled the passive mode. As Azure Kubernetes is behind NAT i have also explicitly provided pasv_address as the external ip of the exposed load balancer service.I also tried running FTP server using xinetd instead of standalone but it didn't work. I got a solutions somewhere to add this in vsftpd.conf seccomp_sandbox=NO But it is not working.I have tried connecting using windows powershell. Also with FileZilla and wsftp.I also disabled firewall in my machine.
I have also tried connecting FTP server using the same pod where it is deployed and i am able to transfer data. It would be using active mode . I also tried connecting to FTP server from a different pod in the same cluster using PASSIVE mode I was able to do that and even transferred a file. But form outside the cluster using my local machine or any other FTP client i am unable to open data channel on the FTP server.
I have deployed the FTP server with same configuration locally on a docker container .It still is unable to open data channel on the FTP server.
Here is the vsftpd.conf I am using in FTP server
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30009
pasv_promiscuous=YES
dirlist_enable=YES
download_enable=YES
use_sendfile=NO
pasv_address=x.x.x.x # Load balancer External IP
seccomp_sandbox=NO
Here is the deployment.yaml to deploy that in Kubernetes. Note i am also deploying mssql server in the same pod and i am able to access it.
---
apiVersion: v1
kind: Service
metadata:
name: ipldb-mssql-deployment
spec:
selector:
app: ipldb-mssql
ports:
- { port: 1433, targetPort: 1433, name: tcp }
- { port: 21, targetPort: 21, name: ftp }
- { port: 30000, targetPort: 30000, name: pasv1 }
- { port: 30001, targetPort: 30001, name: pasv2 }
- { port: 30002, targetPort: 30002, name: pasv3 }
- { port: 30003, targetPort: 30003, name: pasv4 }
- { port: 30004, targetPort: 30004, name: pasv5 }
- { port: 30005, targetPort: 30005, name: pasv6 }
- { port: 30006, targetPort: 30006, name: pasv7 }
- { port: 30007, targetPort: 30007, name: pasv8 }
- { port: 30008, targetPort: 30008, name: pasv9 }
- { port: 30009, targetPort: 30009, name: pasv10 }
type: LoadBalancer
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: ipldb-mssql-deployment
spec:
replicas: 1
template:
metadata:
labels:
app: ipldb-mssql
spec:
containers:
-
env:
-
name: MSSQL_PID
value: Developer
-
name: ACCEPT_EULA
value: "Y"
-
name: MSSQL_SA_PASSWORD
value: pass
image: "image"
name: ipldb-mssql-filestorage
ports:
-
containerPort: 1433
-
containerPort: 21
-
containerPort: 30000
-
containerPort: 30001
-
containerPort: 30002
-
containerPort: 30003
-
containerPort: 30004
-
containerPort: 30005
-
containerPort: 30006
-
containerPort: 30007
-
containerPort: 30008
-
containerPort: 30009
imagePullSecrets:
-
name: myPullSeceretI need to run this FTP server on Kubernetes without client opening ports unnecessarily. But the client i use give me error
227 Entering Passive Mode (x,x,x,x,x,x). connecting data channel to x.x.x.x:x,x(x) Failed to connect data channel to x.x.x.x:x,x(x) PORT x,x,x,x,x,x 500 Illegal PORT command. Port failed 500 Illegal PORT command.
I was able to figure out the issue.Responding in case someone needs this answer. I changed externalTrafficPolicy: Cluster to externalTrafficPolicy: Local of the loadbalancer service.