Azure – Running passive FTP in Azure Virtual Machine with vsftpd-linux

How to run a passive FTP server on an Azure Linux Virtual Machine?

Configuring the endpoints on the Azure firewall and the PASV ports isn't enough, because the client hangs on "Entering passive mode".

Best Answer

Currently, running passive FTP as smoothly as you would on a dedicated server isn't possible, for two reasons: one is that Azure currently allows you to open only 25 endpoints (please correct me if I'm wrong) for each server, and the other is the LAN<->Virtual IP connection that Azure uses. Let's take the problems one by one.

Azure currently implements a NAT/firewall/load balancer that forwards traffic from an external Virtual IP to an internal network address (10.0.0.0/8 class). If you run ifconfig on your virtual machine you'll find what I'm talking about. One endpoint is reserved for SSH and I don't believe you really want to disable it. So if another endpoint is reserved for port 21, you can use only 23 PASV ports (as long as you don't host any other service), strictly limiting the number of clients that can connect simultaneously. Once you accept this, let's go on.

If you opened ports 25003-25006 (one by one), you can use the following configuration to enable them:

pasv_enable=YES
pasv_min_port=25003
pasv_max_port=25006

vsftpd and any other FTP server issues a PASV command that basically says "connect to X.Y.W.Z on port AA". Any FTP server is supposed to read the machine's configuration to obtain the network address: this is why vsftpd basically says "connect to 10.X.Y.Z on port 25003" and, then, why the client hangs!!!

Use the following to tell vsftpd to use a different external address:

pasv_addr_resolve=YES
pasv_address=dom.cloudapp.net

Tested, worked and shared with the community!

Notes: Active FTP works as long as the client is not behind a firewall or a Great Wall, and SFTP is the best alternative to FTP, but unfortunately many legacy applications don't support it.