我尝试在防火墙后面配置pureftpd作为被动ftp / TLS服务器。 代理机器:
Scenario1:
- Client1: connect OK, login OK, command 'ls':
gets OK, after PASV:
---> PASV
GNUTLS: REC[0x28ecce0]: Sending Packet[9] Application Data(23) with length: 6
GNUTLS: REC[0x28ecce0]: Sent Packet[10] Application Data(23) with length: 37
GNUTLS: ASSERT: gnutls_buffers.c:322
GNUTLS: ASSERT: gnutls_buffers.c:322
GNUTLS: REC[0x28ecce0]: Expected Packet[9] Application Data(23) with length: 65536
GNUTLS: REC[0x28ecce0]: Received Packet[9] Application Data(23) with length: 64
GNUTLS: REC[0x28ecce0]: Decrypted Packet[9] Application Data(23) with length: 31
<--- 200 Protection set to Private
---> LIST
---> ABOR
有趣的事情:来自服务器的227,我在pureftpd的偏执日志中看到,我在客户端上看不到 - 只有200保护设置为私有 ...等待cca 30秒并使用ACTIVE(!!)模式重新连接 - &gt; LS
Scenario2 :
- using Client2 (sorry for czech locales):
---> USER xxxxxx
<--- 331 Password required for xxxxxx
---> PASS XXXX
<--- 230 User xxxxxx logged in
---> PWD
<--- 230 Ls oi a:2013-01-03 21:19:00
---> PBSZ 0
<--- 257 "/" is the current directory
---> PROT P
<--- 200 PBSZ 0 successful
---> PASV
<--- 200 Protection set to Private
---> LIST
---> ABOR
---- Přerušený datový socket bude uzavřen (means closing data socket)
---- Řídicí socket bude uzavřen (means closing control socket)
---- Pasivní režim bude vypnut (means Passive will be turned off)
---- dns cache hit
---- Navazuje se spojení na ftp1.xxxxxxxxx.cz (ww.xx.yy.zz) port 21
<--- 220 ww.xx.yy.zz FTP server ready
...
---> USER xxxxxx
<--- 331 Password required for xxxxxx
---> PASS XXXX
<--- 230 User xxxxxx logged in
---> PWD
<--- 230 Ls oi a:2013-01-03 21:19:22
---> PBSZ 0
<--- 257 "/" is the current directory
---> PROT P
<--- 200 PBSZ 0 successful
---> PORT 192,168,5,xx,185,136
<--- 200 Protection set to Private
---> LIST
<--- 500 Illegal PORT command
---- Closing data socket
---> QUIT
ls: Nepřekonatelná chyba: 500 Illegal PORT command
<--- 425 Unable to build data connection: Connection refused
NAT机器上的iptables不会在端口64000:64300上增加我的会计计数器,所以我希望根本没有被动连接。
答案 0 :(得分:0)
所以...真正的问题是第二次回复230:
---> PWD
<--- 230 Ls oi a:2013-01-03 21:19:22
这是PureFTPd 1.3.3a的已知问题(默认debian挤压) 解决方案是从wheezy(1.3.4a-2)编译PureFTPd,现在一切正常。 谢谢大家,他们试图弄清楚发生了什么。 Tldv