OpenStack doesn't support FTP to VM instance in passive mode?
I'm testing FTP to VM instance which runs on Ice House version openstack. I found that FTP to VM instance in active mode is OK but the passive mode doesn't work because Passive IP address is set to Private(Fixed) IP address instead of Public(Floating) IP address. Can I make FTP passive mode to VM instance work? Is it the limitation of OpenStack?
85 40.835005 192.168.2.6 10.0.3.15 FTP 114 Response: 227 Entering Passive Mode (192,168,2,6,21,74).
File Transfer Protocol (FTP)
227 Entering Passive Mode (192,168,2,6,21,74).
Response code: Entering Passive Mode (227)
Response arg: Entering Passive Mode (192,168,2,6,21,74).
Passive IP address: 192.168.2.6 (192.168.2.6) <= Private IP address of VM instance. Floating IP is 10.91.40.107
Passive port: 5450
I have the same problem, and obviously nf_conntrack_ftp doesn't address the problem that a fixed (a.k.a. private) IP address is used for passive mode. Even if it can be changed to use a floating IP, I wonder about the port and security group.
Is there any way to get around this?
FTP conntrack will help you with opening the ports, as they are considered as "RELATED" traffic. But your iptables need to accept RELATED connections. Also you'll need to configure your FTP server to advertise the public IP not the private one. Some FTP daemons support changing the advertised IP.