I am running Fedora Core 13, and I have started vsftpd (vsftpd-2.2.2-7.fc13.x86_64) and can log in, but it keeps hanging:
    $ ftp xxx.local
    Connected to xxx.local.
    220 (vsFTPd 2.2.2)
    Name (xxx.local:xxx): xxx
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
It hangs for a while, and then returns…
421 Service not available, remote server timed out. Connection closed.
Here is my vsftpd.conf:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=NO
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    userlist_deny=NO
    tcp_wrappers=YES
Here is my IPTABLES:
    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 5150 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 137 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 138 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
I also have the following added to my iptables configuration:
IPTABLES_MODULES="nf_conntrack_ftp"
Any ideas why it hangs at that point?
Try using lftp as the client with debugging set to get better output, and paste it here; for example:
    $ lftp -u <username> localhost
    Password:
    lftp user@localhost:~> debug 5
    lftp user@localhost:~> ls
    ---- Connecting to localhost (127.0.0.1) port 21
    <--- 220 (vsFTPd 2.2.2)
    ---> FEAT
    <--- 211-Features:
    <--- EPRT
    <--- EPSV
    <--- MDTM
    <--- PASV
    <--- REST STREAM
    <--- SIZE
    <--- TVFS
    <--- UTF8
    <--- 211 End
    ---> OPTS UTF8 ON
    <--- 200 Always in UTF8 mode.
    ---> USER user
    <--- 331 Please specify the password.
    ---> PASS XXXX
    <--- 230 Login successful.
    ---> PWD
    <--- 257 "/home/user"
    ---> PASV
    <--- 227 Entering Passive Mode (127,0,0,1,159,49).
    ---- Connecting data socket to (127.0.0.1) port 40753
    ---> LIST
    <--- 150 Here comes the directory listing.
    <--- 226 Directory send OK.
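We need to see better client debugging to determine where the connection hangs; most likely it is the passive ports. I don't trust the iptables module, and instead set the minimum and maximum ports in vsftpd.conf: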
    ftp_data_port=20
    listen_port=21
    pasv_min_port=64123
    pasv_max_port=64321
…and then open that range in your iptables. I tend to be explicit rather than implicit when dealing with ports.
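
The explicit approach in the answer above can be checked mechanically. The following is an added example, not part of the original answer: it decodes the data port from a 227 reply, reads the passive range from vsftpd.conf text, and reports which passive ports no explicit INPUT rule accepts. The function names are hypothetical, and the sample config and ruleset are constructed from values shown in this thread.

```python
import re

# Constructed sample inputs modelled on the configuration shown in this thread.
VSFTPD_CONF = "listen_port=21\npasv_min_port=64123\npasv_max_port=64321\n"
IPTABLES_RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def pasv_port(reply):
    """Decode the data port from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    return int(m.group(5)) * 256 + int(m.group(6))

def pasv_range(conf):
    """Return (min, max) from vsftpd.conf text; 0 means the option is unset."""
    opts = dict(re.findall(r"^(pasv_m(?:in|ax)_port)=(\d+)\s*$", conf, re.M))
    return int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))

def accepted_tcp_ranges(rules):
    """TCP --dport ranges accepted on INPUT ahead of a blanket REJECT/DROP.
    Simplification: source (-s) matches are ignored, and the conntrack
    RELATED path is not counted, since the point is an explicit rule."""
    found = []
    for line in rules.splitlines():
        if not line.startswith("-A INPUT"):
            continue
        m = re.search(r"--dport (\d+)(?::(\d+))?", line)
        if m and "-p tcp" in line and "-j ACCEPT" in line:
            found.append((int(m.group(1)), int(m.group(2) or m.group(1))))
        elif not m and re.search(r"-j (REJECT|DROP)\b", line):
            break  # nothing after a catch-all reject is reached
    return found

def uncovered(port_range, accepted):
    """Passive ports that no explicit ACCEPT rule covers."""
    lo, hi = port_range
    return [p for p in range(lo, hi + 1)
            if not any(a <= p <= b for a, b in accepted)]

if __name__ == "__main__":
    rng = pasv_range(VSFTPD_CONF)
    gaps = uncovered(rng, accepted_tcp_ranges(IPTABLES_RULES))
    print(len(gaps), "passive ports not opened; rule to add before the REJECT:")
    print("-A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport %d:%d -j ACCEPT" % rng)
```

The rule must sit above the final REJECT line; a range rule appended after it is never reached, which the checker treats as not covered.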