Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make a guarantee in any form of the performance and reliability of the third-party products, and potential impacts of operations on these products.
Issue
In the ECS instance of the Windows system, the FTP service has been built, and the Internet environment cannot connect to or access the FTP server.
Cause
The causes of this issue are as follows:
Solution
Take note of the following items:
- Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
- Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
- If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
Security group rules that do not allow FTP
After you build an FTP site in a Windows instance, you need to add an inbound rule to the security group to which the Windows instance belongs to allow traffic on port 21 and the port range that may be occupied by the FTP server in passive mode is 1024 to 65535. For more information, see Add a security group rule.
Note: For more information about how to configure security groups, see Application cases of security groups and Common ports.
Configure FTP firewall support
By default, the firewall of the Windows instance is disabled. If your firewall is enabled, you must allow TCP port 21 and ports 1024 to 65535 for FTP service. For more information, see How to handle FTP connection failures in Windows instances. After the FTP server is configured, it can be accessed on this machine but cannot be accessed from another machine. The reason is that the firewall is not configured properly. See the following operations to configure it:
- First, check the inbound rules in Server Manager to ensure that the FTP server is enabled.
- In the left-side navigation pane, choose Control Panel > Windows Firewall. In the left-side navigation pane, click Allow programs or features to pass through Windows Firewall. In the new window, click Allow to run another program. Locate the
C:\Windows\System32\svchost.exe
in the browse, open it, and add it. In this case, there is an additional Windows main process. Select the two check boxes and click OK.
References
Applicable scope
- ECS