Question
From: ss
Date: 03/16/2007
Hello, I have the following vsftpd server configuration and it works perfectly.
But if I add SSL support it stops working; more precisely, the client connects, but on "LIST" the FTP client loses the connection, and there is nothing in the log!
Here is the config and the client log:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
ftpd_banner=Welcome to Lessno FTP service.
chroot_list_enable=YES
passwd_chroot_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=NO
anon_umask=077
local_umask=022
nopriv_user=ftp
pasv_enable=YES
anon_root=/var/ftp
Up to here it works; then, once I add the SSL settings:
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
and the client says:
Status: Connecting to xxx.xxx.xxx.xxx ...
Status: Connected with xxx.xxx.xxx.xxx, negotiating SSL connection...
Response: 220 Welcome to Lessno FTP service.
Command: AUTH SSL
Response: 234 Proceed with negotiation.
Status: SSL connection established. Waiting for welcome message...
Command: USER test
Response: 331 Please specify the password.
Command: PASS ******
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH SSL
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE A
Response: 200 Switching to ASCII mode.
Command: PASV
Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,220,249)
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: REST 0
Thanks in advance

Answer #1
From: ss
Date: 03/16/2007
So I found where the problem is: in the firewall.
I don't know why, after the SSL session is established, the client connects to a random port above 1024 on the server!
And that's why it doesn't work!
If anyone knows how to avoid this...
Thanks

Answer #2
From: ss
Date: 03/16/2007
After quite a bit of digging I found some explanation:
If I'm reading this right, the client tries passive mode, fails, then tries active mode instead.

Passive mode requires the server to allow incoming connections on arbitrary high ports, which means either opening a HUGE hole in the firewall, or telling vsftpd what range to use for passive mode (I don't have the docs in front of me, but it's something like pasv_min_port and pasv_max_port), and open a smaller hole in the firewall allowing those ports. You should allow as many ports as you expect simultaneous file transfers.

Active mode has trouble with firewalls on the client side, but there are hacks to handle that. However, those hacks require being able to sniff the data stream, and your SSL encryption prevents that.

The solution is to make passive mode work, or don't use SSL.
So:
we add these two lines, for a fixed range of ports for vsftpd to use, open that range in the firewall,
and voilà!
pasv_min_port=30000
pasv_max_port=30010
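An added diagnostic that is not from this thread or from vsftpd: it parses a 227 passive-mode reply like the one in the question, computes the data port as p1*256+p2, and checks it against the pasv_min_port/pasv_max_port range read from a vsftpd.conf fragment, returning the iptables rule that would admit that range. The address 192.0.2.10 (standing in for the masked one) and the config fragment are constructed samples.

```python
import re

# Constructed samples: the 227 reply from the question (masked address replaced
# by 192.0.2.10) and the pasv lines from the final answer.
SAMPLE_227 = "227 Entering Passive Mode (192,0,2,10,220,249)"
SAMPLE_CONF = "ssl_enable=YES\npasv_enable=YES\npasv_min_port=30000\npasv_max_port=30010\n"

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(reply):
    """Return (host, port) advertised by a 227 reply; port = p1 * 256 + p2."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("octet out of range in %r" % reply)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def parse_vsftpd_conf(text):
    """Minimal key=value parser for vsftpd.conf (comments and blank lines skipped)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def pasv_port_range(conf):
    """Configured passive range; (0, 0) means vsftpd picks any port above 1024."""
    return int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))

def check_pasv_port(reply, conf):
    """Return (ok, reason): does the advertised data port fall in the fixed range?"""
    host, port = parse_pasv_reply(reply)
    lo, hi = pasv_port_range(conf)
    if lo == 0 or hi == 0:
        return False, ("no pasv_min_port/pasv_max_port set: server offered %s:%d, an "
                       "arbitrary high port the firewall cannot be expected to allow" % (host, port))
    if lo <= port <= hi:
        return True, "data port %d is within %d-%d; allow that range inbound" % (port, lo, hi)
    return False, "data port %d is outside the configured range %d-%d" % (port, lo, hi)

def firewall_rule(conf):
    """iptables rule admitting the configured passive range (assumes an iptables firewall)."""
    lo, hi = pasv_port_range(conf)
    return "iptables -A INPUT -p tcp --dport %d:%d -j ACCEPT" % (lo, hi)
```

With the question's reply the check fails (port 56569 is outside 30000-30010), which is the same failure the client log shows before the range was fixed.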