[SOLVED] – WHM Cpanel on Amazon EC2 Servers + FTP TLS Dreamweaver Issue

October 12, 2016

One of my customers has an Amazon EC2 instance with WHM installed. A decision was made recently to close off port 21 and force FTP over TLS for better security during ftp sessions.

However, one of the team was saying they could not get Dreamweaver to connect  and was getting an error when trying to connect with TLS. All his settings seemed fine and in fact I also was able to replicate his issue on my local copy of Dreamweaver CC 2016 so I turned my attention to the web server on Amazon.

After ALOT of searching about, I found that, if we want to force FTP over TLS on an Amazon EC2 instance, I  had to make a change to the /etc/pure-ftpd.conf file by adding the main server ip to the ForcePassiveIP setting. The reason for this is that EC2 instances use NAT routing and dynamic IP’s and you need to provide a fixed IP so that the passive mode can send the return response back down the correct route, otherwise it does not know where to go.

Here is the changes I had to make.

Side Note: If you are forcing TLS, then make sure that you have already configured your PassivePortRange inside the /etc/pure-ftpd.conf file and also allowed the ports to be open on your firewall. Here is another post giving some details on how to do that.

STEP 1: Open up the FTP config file.

pico /etc/pure-ftpd.conf

STEP 2: Add your server IP to the ForcePassiveIP setting. This will be the main Public IP of your server.

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.

# ForcePassiveIP                192.168.0.1
ForcePassiveIP                  <your_public_facing_server_ip_here>

STEP 3: Restart FTP server

/usr/local/cpanel/scripts/restartsrv pureftpd

After that, TLS on Dreamweaver was working perfectly.