主页 / user-1757565

joebird's questions

Martin Hope
joebird
Asked: 2024-01-03 12:32:59 +0800 CST
  • 5

我安装了 vsftpd 并使用 ufw 作为我的防火墙。我可以连接到 ftp 服务器、登录并更改目录,但任何使用 LIST 命令的尝试都会从外部和本地主机超时。通过阅读其他答案,我相信这是由于我的被动端口未正确打开造成的。然而,据我所知,ufw 中的端口是开放的。另外,当我运行ufw disable并重试时,问题仍然出现。事实上,这种情况发生在与服务器相同的主机上,这让我相信我的系统上还有其他问题。

vsftpd 日志 (/var/log/vsftpd)

Tue Jan  2 21:22:03 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:03 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PWD"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "257 "/" is the current directory"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /nonefolder"
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "550 Failed to change directory."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,111)."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:27 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:27 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,112)."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:42 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:42 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,106)."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"

ftp日志

[root@ladybug ~]# lftp
lftp :~> open 127.0.0.1
lftp 127.0.0.1:~> cd
cd ok, cwd=/
lftp 127.0.0.1:/> cd tv
cd ok, cwd=/tv
lftp 127.0.0.1:/tv> cd ..
lftp 127.0.0.1:/> cd nonefolder
cd: Access failed: 550 Failed to change directory. (/nonefolder)
lftp 127.0.0.1:/> ls
ls: Fatal error: 500 OOPS:           
lftp 127.0.0.1:/> cd tv
lftp 127.0.0.1:/tv> ls
ls: Fatal error: 500 OOPS:                 
lftp 127.0.0.1:/tv>

Filezilla 日志(与上面两个不同的运行)

Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,110).
Command:    LIST
Error:  Could not read from transfer socket: ECONNRESET - Connection reset by peer
Error:  Connection closed by server
Error:  Failed to retrieve directory listing
Status: Disconnected from server
Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,114).
Command:    LIST
Error:  Connection closed by server
Error:  Failed to retrieve directory listing

/etc/vsftpd.conf

log_ftp_protocol=YES
xferlog_enable=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
local_umask=022
anon_umask=022
anonymous_enable=YES
anon_upload_enable=YES
anon_root=/mnt/hdd-8tb/home/ftpd/
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chown_uploads=YES
chown_username=ftpd
listen=YES
pam_service_name=vsftpd

ufw 规则(激活时)

To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere                  
21/tcp                     ALLOW       Anywhere                  
10090:10100/tcp            ALLOW       Anywhere                  
20/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                ALLOW       Anywhere (v6)             
10090:10100/tcp (v6)       ALLOW       Anywhere (v6)

ftp root权限

ftpd@ladybug:/mnt/hdd-8tb/home/ftpd$ ls -la
total 52
dr-xr-xr-x  9 ftpd ftpd 4096 Jan  1 18:47 .
drwxr-xr-x 14 root root 4096 Jan  1 18:39 ..
-rw-rw-r--  1 ftpd ftpd 3339 Jan  2 21:20 .bash_history
-rw-rw-r--  1 ftpd ftpd  220 Jan 28  2023 .bash_logout
-rw-rw-r--  1 ftpd ftpd 3771 Jan 28  2023 .bashrc
drwxr-xr-x  9 ftpd ftpd 4096 Jul 29 21:46 books
drwxr-xr-x  5 ftpd ftpd 4096 Apr 13  2023 comics
drwxr-xr-x 10 ftpd ftpd 4096 Dec 31 18:44 games
drwxr-xr-x  7 ftpd ftpd 4096 Aug 25 21:20 movies
drwxr-xr-x 16 ftpd ftpd 4096 Apr 13  2023 music
-rw-rw-r--  1 ftpd ftpd  807 Jan 28  2023 .profile
drwxr-xr-x 16 ftpd ftpd 4096 Nov 12 20:49 tv
drwxr-xr-x  2 ftpd ftpd 4096 Jan  1 18:47 util

我不知道还能尝试什么。看起来 vsftpd 就是不接受这些端口上的连接,即使我指定了它们。此刻什么都愿意尝试。

firewall