Help Center > > FAQs> File Transferring> What Should I Do If an ECS with FTP Deployed Cannot Be Accessed Through Internet?

What Should I Do If an ECS with FTP Deployed Cannot Be Accessed Through Internet?

Updated at:Sep 10, 2020 GMT+08:00


  • A Windows ECS with FTP deployed cannot be accessed using an EIP.
  • The FTP client cannot access the FTP server, and the connection timed out.
  • Uploading a file is slow.

Possible Causes

  • The security group to which the target ECS is added blocks external network connections.
  • The firewall of the ECS blocks the FTP process.

Enabling FTP Firewall Support

To allow a HUAWEI CLOUD server to access the FTP server deployed on an ECS using a public IP address (EIP), the FTP server must work in passive mode. In such a case, enable FTP firewall support.

  1. Double-click FTP Firewall Support.

  2. Set parameters and click Apply.
    • Data Channel Port Range: specifies the range of ports used for passive connections. The port range is 1025-65535. Configure this parameter based on site requirements.
    • External IP Address of Firewall: Enter the public IP address of the ECS.

  3. Restart the ECS for the firewall configuration to take effect.

Setting the Security Group and Firewall

After deploying FTP, add a rule to the target security group to allow access to the FTP port in the inbound direction.

After enabling FTP firewall support, allow access to the ports used by the FTP site and the data channel ports used by the FTP firewall in the security group.

By default, the firewall allows access to TCP port 21 for FTP. If another port is used, add an inbound rule that allows access to that port on the firewall.

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Under Computing, click Elastic Cloud Server.
  4. On the Elastic Cloud Server page, click the name of the target ECS.

    The page providing details about the ECS is displayed.

  5. Click the Security Groups tab and view security group rules.
  6. Click the security group ID.

    The system automatically switches to the Security Group page.

  7. On the Inbound Rules tab, click Add Rule and configure the access rule for the inbound direction.

    Set Source to the IP address segment containing the IP addresses allowed to access the ECS over the Internet.

    The valid port range that can be specified in Enabling FTP Firewall Support is 1025-65535. For example, the configured data port range is 5000-6000.

    The default source IP address indicates that all IP addresses can access ECSs in the security group.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel