The configuration of my vsftpd is as follows:
#/etc/vsftpd.conf
listen=YES
listen_ipv6=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ssl_enable=NO
log_ftp_protocol=YES
xferlog_enable=YES
xferlog_std_format=NO
user_config_dir=/etc/vsftpd/users
anonymous_enable=NO
write_enable=YES
local_umask=022

#/etc/vsftpd.chroot_list
sftpusers

#/etc/vsftpd/users/dev
local_root=/sftp/dev
user_sub_token=dev
dirlist_enable=YES
download_enable=YES
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
The configuration of my cloudflared tunnel’s config.yml is as follows:
#/etc/cloudflared/config.yml
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /home/pi/.cloudflared/00000000-0000-0000-0000-000000000000.json
originRequest: # Top-level configuration
  connectTimeout: 30s
warp-routing:
  enabled: true
ingress:
  - hostname: ftp.domain.com
    service: tcp://127.0.0.1:21
    originRequest:
      noTLSVerify: true
      tcpKeepAlive: 60s
  - service: http_status:404
With that configuration, I am able to log in using both the FileZilla application and the ftp command executed from the server, either by using the command ‘sudo cloudflared tunnel --hostname ftp.domain.com --url tcp://localhost:2121’ or without that command. However, when I don’t use that command, I use port 21 and it works fine.
But when I run the cloudflared command on Windows using this command: C:\cloudflared.exe access tcp --hostname ftp.domain.com --url localhost:2121 and use the FileZilla application, it doesn’t work.
FileZilla configuration:
Protocol : FTP
Host : localhost
Encryption : Only use plain FTP (insecure)
Logon Type : Ask for password
User : xxxx
Error output from FileZilla:
Status: Resolving address of localhost
Status: Connecting to [::1]:2121…
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:2121…
Status: Connection established, waiting for welcome message…
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Server does not support non-ASCII characters.
Status: Logged in
Status: Retrieving directory listing…
Command: PWD
Response: 257 / is the current directory
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (127,0,0,1,179,174).
Command: LIST
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
Error output from vsftpd.log:
Fri Jun 2 13:48:57 2023 [pid 2796044] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Fri Jun 2 13:48:57 2023 [pid 2796044] FTP command: Client "127.0.0.1", "USER xxx"
Fri Jun 2 13:48:57 2023 [pid 2796044] [xxx] FTP response: Client "127.0.0.1", "331 Please specify the password."
Fri Jun 2 13:48:57 2023 [pid 2796044] [xxx] FTP command: Client "127.0.0.1", "PASS "
Fri Jun 2 13:48:57 2023 [pid 2796043] [xxx] OK LOGIN: Client "127.0.0.1"
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP response: Client "127.0.0.1", "230 Login successful."
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP command: Client "127.0.0.1", "PWD"
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP response: Client "127.0.0.1", "257 "/" is the current directory"
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP command: Client "127.0.0.1", "TYPE I"
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP response: Client "127.0.0.1", "200 Switching to Binary mode."
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP command: Client "127.0.0.1", "PASV"
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,184,205)."
Fri Jun 2 13:48:57 2023 [pid 2796058] [xxx] FTP command: Client "127.0.0.1", "LIST"
Fri Jun 2 13:49:35 2023 [pid 2795208] [xxx] FTP response: Client "127.0.0.1", "425 Failed to establish connection."
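
An added example, not part of the original post: it decodes the 227 replies shown above into the address and port the client dials for the data channel, then checks that endpoint against the local listeners on the client. `check_data_channel`, `FORWARDED` and `PASV_RANGE` are illustrative names, and the single listener on 127.0.0.1:2121 is an assumption taken from the `cloudflared access tcp` command in the post.

```python
import re

# RFC 959 form of a 227 reply: (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2.
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (host, port) advertised by a 227 reply, or None if the line has none."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in PASV reply: {line!r}")
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]

def check_data_channel(line, forwarded, pasv_range):
    """Report whether the client can reach the advertised data endpoint.

    forwarded  -- set of (host, port) listeners that exist on the client machine
    pasv_range -- (pasv_min_port, pasv_max_port) from vsftpd.conf
    """
    endpoint = parse_pasv(line)
    if endpoint is None:
        return None
    port = endpoint[1]
    return {
        "endpoint": endpoint,
        "in_pasv_range": pasv_range[0] <= port <= pasv_range[1],
        "reachable_from_client": endpoint in forwarded,
    }

# The two 227 replies quoted in the post (FileZilla view, then vsftpd.log view).
REPLIES = [
    "Response: 227 Entering Passive Mode (127,0,0,1,179,174).",
    'FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,184,205)."',
]
# Assumption: the only local listener on the Windows client is the one opened by
# `cloudflared access tcp --url localhost:2121`.
FORWARDED = {("127.0.0.1", 2121)}
PASV_RANGE = (40000, 50000)  # pasv_min_port / pasv_max_port from the post

if __name__ == "__main__":
    for reply in REPLIES:
        print(check_data_channel(reply, FORWARDED, PASV_RANGE))
```

Both replies decode to a port inside the configured passive range on 127.0.0.1, which on the Windows client is a local port with no listener behind it, matching the ECONNREFUSED on the data connection.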