How to add proxy rules to connect to FTP (ProFTPD) installed in an LXD container from the network?

Posted on September 1, 2020

I had already created an LXD instance, Ubuntu 18.04 named ‘store’, with apache2, which can be accessed through a proxy rule added with:

lxc config device add store store90 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80

It works: I can open the default page, modified to verify… The host is in VirtualBox with IP 192.168.1.33, and http://192.168.1.33 works like a charm.

So I installed a ProFTPD server and want to connect to it from my network. I modified the ProFTPD setting MasqueradeAddress 192.168.1.33 to rely on the external host address, and defined PassivePorts 49152 65534.
I tried some proxy settings, but the connection fails when switching to the passive connection. FileZilla log:

Status:	Connecting to 192.168.1.33:21...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode (192,168,1,33,216,239).
Command:	LIST
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:	Connection timed out after 20 seconds of inactivity
Error:	Failed to retrieve directory listing

On the host, the network devices are:

devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
  store80:
    connect: tcp:127.0.0.1:80
    listen: tcp:0.0.0.0:80
    type: proxy
  storeftp21:
    connect: tcp:127.0.0.1:21
    listen: tcp:0.0.0.0:21
    type: proxy
  storeftp22:
    connect: tcp:127.0.0.1:22
    listen: tcp:0.0.0.0:22
    type: proxy
  storeftppassive:
    connect: tcp:127.0.0.1:49152-65534
    listen: tcp:0.0.0.0:49152-65534
    type: proxy
  

Any help? Or a link to a real working solution to set up a proxy for LXD with ProFTPD? I searched and found very obscure solutions, nothing that I can understand now… please help…




Heya,

FTP is quite a complex protocol when it comes to making it work through network address translation (NAT), firewalls or in your case, LXD’s proxy device. This complexity comes from the fact that FTP, unlike HTTP or most other protocols, uses multiple ports to establish the connection: one for the control connection (port 21 by default) and a range of ports for the data connection. This is likely why you’re seeing a failure to retrieve directory listings - the control connection is working, but the data connection is not.

The LXD proxy device type does not fully support FTP. This is due to the aforementioned complexity with the data connection ports. It simply isn’t designed to handle the way FTP works with its separate control and data connections.

There are some alternatives you could consider:

  1. FTP Passive Mode with Manual Port Forwarding: If you have control over the network, you could manually map the ports at the network level from the host to the container. This might involve configuring settings on your router or using iptables rules on the host. You’ve already configured ProFTPD with a PassivePorts range, so you would need to forward this entire range of ports.

  2. Use SFTP instead of FTP: SFTP (SSH File Transfer Protocol) is a more modern protocol that operates over a single port (usually 22), making it much more NAT and firewall friendly. If you’re not specifically required to use FTP, this could be a simpler solution. Most modern FTP clients also support SFTP.

  3. Use a different protocol: Depending on your use case, you might consider using a different protocol entirely. For example, if you’re serving files to users over the web, you might consider using HTTP or HTTPS instead.
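
To see which data endpoint the client was told to use in the FileZilla log from the question, the following added example (not part of the original question or answer) decodes the 227 reply and compares it with the MasqueradeAddress and PassivePorts values the question gives. The function names `parse_pasv` and `diagnose` are hypothetical, and the log lines are copied from the question.

```python
import re

# Lines copied from the FileZilla log in the question.
LOG = """\
Command:\tPASV
Response:\t227 Entering Passive Mode (192,168,1,33,216,239).
Command:\tLIST
Error:\tThe data connection could not be established: ECONNREFUSED - Connection refused by server
"""

# A 227 reply carries six decimal numbers: four address octets, two port bytes.
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: %r" % line)
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is sent as high byte, low byte.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def diagnose(log, masquerade, passive_ports):
    """Compare every PASV reply in a client log with the server settings."""
    low, high = passive_ports
    findings = []
    for line in log.splitlines():
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append({
            "ip": ip,
            "port": port,
            "address_matches": ip == masquerade,   # MasqueradeAddress in effect?
            "port_in_range": low <= port <= high,  # inside PassivePorts?
        })
    return findings

if __name__ == "__main__":
    # Values from the question: MasqueradeAddress and PassivePorts.
    for finding in diagnose(LOG, "192.168.1.33", (49152, 65534)):
        print(finding)
```

For the log in the question this decodes to 192.168.1.33 port 55535, which matches the configured address and falls inside the configured range, so the refused connection points at how that port is forwarded from the host to the container rather than at the values ProFTPD advertises.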
