Question
From: ss
Date: 03/16/2007
Hello, I have the following vsftpd server configuration and it works perfectly.
If I add SSL support, however, it stops working; more precisely, the client connects, but on "LIST" the FTP session loses the connection, and there is nothing in the log!
Here is the config and the client's log:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
ftpd_banner=Welcome to Lessno FTP service.
chroot_list_enable=YES
passwd_chroot_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=NO
anon_umask=077
local_umask=022
nopriv_user=ftp
pasv_enable=YES
anon_root=/var/ftp
Up to here it works. Then, when I add the SSL settings:
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_cert_file=/etc/vsftpd/vsftpd.pem
the client says:
Status: Connecting to xxx.xxx.xxx.xxx ...
Status: Connected with xxx.xxx.xxx.xxx, negotiating SSL connection...
Response: 220 Welcome to Lessno FTP service.
Command: AUTH SSL
Response: 234 Proceed with negotiation.
Status: SSL connection established. Waiting for welcome message...
Command: USER test
Response: 331 Please specify the password.
Command: PASS ******
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH SSL
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE A
Response: 200 Switching to ASCII mode.
Command: PASV
Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,220,249)
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: REST 0
Thanks in advance

Answer #1
From: ss
Date: 03/16/2007
So I figured out where the problem is: in the firewall.
I don't know why, after the SSL session is established, the client connects to a random port above 1024 on the server!
And that's why it doesn't work!
If anyone knows how to avoid this...
10x

Answer #2
From: ss
Date: 03/16/2007
After quite a bit of digging I found some explanation:
If I'm reading this right, the client tries passive mode, fails, then tries active mode instead.

Passive mode requires the server to allow incoming connections on arbitrary high ports, which means either opening a HUGE hole in the firewall, or telling vsftpd what range to use for passive mode (I don't have the docs in front of me, but it's something like pasv_min_port and pasv_max_port), and open a smaller hole in the firewall allowing those ports. You should allow as many ports as you expect simultaneous file transfers.

Active mode has trouble with firewalls on the client side, but there are hacks to handle that. However, those hacks require being able to sniff the data stream, and your SSL encryption prevents that.

The solution is to make passive mode work, or don't use SSL.
And so:
we add these two lines, for a fixed range of ports that vsftpd will use, open the firewall for that range, and voila!
pasv_min_port=30000
pasv_max_port=30010
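The failure in this thread is a configuration problem that is easy to catch before deployment: passive mode is on (vsftpd's default), SSL forces the data channel to be encrypted, but no pasv_min_port/pasv_max_port range is pinned, so each data connection lands on an arbitrary high port that the firewall blocks. The following is an added example, not vsftpd's own tooling and not code from the thread: a small audit script that parses a vsftpd.conf, reports a missing or invalid passive range, flags the obsolete ssl_sslv2/ssl_sslv3 options the posted config enables, and prints the one firewall rule the pinned range needs. The embedded config text is constructed from the thread; the iptables rule format is an assumption about the firewall in use.

```python
"""Audit a vsftpd.conf for the FTPS-behind-a-firewall problem from the thread.

Added example, not part of vsftpd. Parses key=value lines and reports:
  - passive mode on without a pinned pasv_min_port/pasv_max_port range
    (data connections then use arbitrary high ports the firewall blocks)
  - ssl_sslv2 / ssl_sslv3 enabled alongside ssl_enable (obsolete protocols)
and emits the firewall rule for the pinned range (assumes iptables).
"""


def parse_vsftpd_conf(text):
    """Parse vsftpd.conf into a dict. A later duplicate key overrides an
    earlier one, matching how vsftpd reads the file; comments and blank
    lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def is_yes(conf, key, default="NO"):
    return conf.get(key, default).upper() == "YES"


def check_passive_range(conf):
    """Findings about the passive-mode port range (vsftpd defaults:
    pasv_enable=YES, pasv_min_port=0 and pasv_max_port=0 meaning 'any')."""
    findings = []
    if not is_yes(conf, "pasv_enable", "YES"):
        return findings
    try:
        lo = int(conf.get("pasv_min_port", "0"))
        hi = int(conf.get("pasv_max_port", "0"))
    except ValueError:
        return ["pasv_min_port/pasv_max_port are not integers"]
    if lo == 0 or hi == 0:
        findings.append("passive mode enabled but no pasv_min_port/pasv_max_port: "
                        "data connections will use arbitrary high ports")
    elif lo > hi:
        findings.append("pasv_min_port is greater than pasv_max_port")
    elif lo < 1024:
        findings.append("passive range overlaps privileged ports")
    return findings


def check_ssl_versions(conf):
    """Flag SSLv2/SSLv3 when SSL is enabled; both are obsolete."""
    findings = []
    if is_yes(conf, "ssl_enable"):
        for key in ("ssl_sslv2", "ssl_sslv3"):
            if is_yes(conf, key):
                findings.append(f"{key}=YES enables an obsolete protocol; set it to NO")
    return findings


def firewall_rule(conf):
    """iptables rule for the pinned passive range, or None if no range is set.
    The rule syntax is an assumption; adapt it to the firewall actually used."""
    if "pasv_min_port" not in conf or "pasv_max_port" not in conf:
        return None
    return (f"iptables -A INPUT -p tcp --dport "
            f"{conf['pasv_min_port']}:{conf['pasv_max_port']} "
            f"-m state --state NEW -j ACCEPT")


def audit(text):
    conf = parse_vsftpd_conf(text)
    return check_passive_range(conf) + check_ssl_versions(conf)


# Constructed from the thread: the SSL-relevant lines of the config before the fix.
BROKEN_CONF = """\
listen=YES
pasv_enable=YES
ssl_enable=YES
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
"""

# The thread's fix (pinned range) plus the obsolete protocols switched off.
FIXED_CONF = BROKEN_CONF + "pasv_min_port=30000\npasv_max_port=30010\nssl_sslv2=NO\nssl_sslv3=NO\n"

if __name__ == "__main__":
    for name, text in (("before", BROKEN_CONF), ("after", FIXED_CONF)):
        print(f"[{name}]")
        for finding in audit(text):
            print("  -", finding)
        rule = firewall_rule(parse_vsftpd_conf(text))
        if rule:
            print("  firewall:", rule)
```

Run it against the real /etc/vsftpd/vsftpd.conf by passing the file contents to audit(); the "before" config produces three findings (no passive range, SSLv2 on, SSLv3 on), the "after" config produces none and yields the single firewall rule for ports 30000-30010. Keep the range as wide as the number of simultaneous transfers you expect, as the quoted explanation says.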