vsftpd log (/var/log/vsftpd)

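I installed vsftpd and use ufw as my firewall. I can connect to the FTP server, log in and change directories, but the LIST command times out both from outside and from localhost. From reading other answers, I believe this is because my passive ports are not opened correctly. However, as far as I can tell, the ports are open in ufw. Also, when I run ufw disable and retry, the problem persists. This happens on the same host as the server, which leads me to believe something else is wrong on my system.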

vsftpd log (/var/log/vsftpd)

Tue Jan  2 21:22:03 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:03 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PWD"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "257 "/" is the current directory"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /nonefolder"
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "550 Failed to change directory."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,111)."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:27 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:27 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,112)."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:42 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:42 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,106)."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"

lftp log

[root@ladybug ~]# lftp
lftp :~> open 127.0.0.1
lftp 127.0.0.1:~> cd
cd ok, cwd=/
lftp 127.0.0.1:/> cd tv
cd ok, cwd=/tv
lftp 127.0.0.1:/tv> cd ..
lftp 127.0.0.1:/> cd nonefolder
cd: Access failed: 550 Failed to change directory. (/nonefolder)
lftp 127.0.0.1:/> ls
ls: Fatal error: 500 OOPS:           
lftp 127.0.0.1:/> cd tv
lftp 127.0.0.1:/tv> ls
ls: Fatal error: 500 OOPS:                 
lftp 127.0.0.1:/tv> 

Filezilla log (different from the two logs above)

Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,110).
Command:    LIST
Error:  Could not read from transfer socket: ECONNRESET - Connection reset by peer
Error:  Connection closed by server
Error:  Failed to retrieve directory listing
Status: Disconnected from server
Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,114).
Command:    LIST
Error:  Connection closed by server
Error:  Failed to retrieve directory listing

/etc/vsftpd.conf

log_ftp_protocol=YES
xferlog_enable=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
local_umask=022
anon_umask=022
anonymous_enable=YES
anon_upload_enable=YES
anon_root=/mnt/hdd-8tb/home/ftpd/
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chown_uploads=YES
chown_username=ftpd
listen=YES
pam_service_name=vsftpd

ufw rules (when active)

To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere                  
21/tcp                     ALLOW       Anywhere                  
10090:10100/tcp            ALLOW       Anywhere                  
20/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                ALLOW       Anywhere (v6)             
10090:10100/tcp (v6)       ALLOW       Anywhere (v6)  

ftp root permissions

ftpd@ladybug:/mnt/hdd-8tb/home/ftpd$ ls -la
total 52
dr-xr-xr-x  9 ftpd ftpd 4096 Jan  1 18:47 .
drwxr-xr-x 14 root root 4096 Jan  1 18:39 ..
-rw-rw-r--  1 ftpd ftpd 3339 Jan  2 21:20 .bash_history
-rw-rw-r--  1 ftpd ftpd  220 Jan 28  2023 .bash_logout
-rw-rw-r--  1 ftpd ftpd 3771 Jan 28  2023 .bashrc
drwxr-xr-x  9 ftpd ftpd 4096 Jul 29 21:46 books
drwxr-xr-x  5 ftpd ftpd 4096 Apr 13  2023 comics
drwxr-xr-x 10 ftpd ftpd 4096 Dec 31 18:44 games
drwxr-xr-x  7 ftpd ftpd 4096 Aug 25 21:20 movies
drwxr-xr-x 16 ftpd ftpd 4096 Apr 13  2023 music
-rw-rw-r--  1 ftpd ftpd  807 Jan 28  2023 .profile
drwxr-xr-x 16 ftpd ftpd 4096 Nov 12 20:49 tv
drwxr-xr-x  2 ftpd ftpd 4096 Jan  1 18:47 util

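I don't know what else to try. It seems vsftpd is not accepting connections on these ports even though I specified them. I'm willing to try anything at this point.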

Answer 1

After a thorough search on Google, I found the answer related to the LIST command being dropped.

From the archlinux wiki

4.7 VSFTPD reset connect via LIST command

  > seccomp_sandbox=NO

into the vsftpd.conf file fixes this issue 

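It looks like there are already similar answers here and here; the symptoms are different, but the fix is the same. Neither of them mentions a problem with LIST, which I guess is why I didn't find them at first. Why does adding this to the conf file fix anything? This flag is not documented in the vsftpd.conf man page, on the website, or in any wiki I could find. Downloading the source code shows that it is a valid option in parseconf.c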

parseconf.c:  { "seccomp_sandbox", &tunable_seccomp_sandbox },

and it looks like the default (at least in the latest vsftpd version) is disabled.

tunables.c:  tunable_seccomp_sandbox = 0;

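I don't know why it was enabled in my version, why this buggy feature is not documented at all in the public-facing documentation, or why the error message is of no help in finding the solution. Really frustrating. Anyway, I hope this post provides some context in case anyone runs into the same problem.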
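A way to test the firewall hypothesis directly from the protocol log, as an added example that is not part of the original question or answer: decode the port from each 227 reply, compare it with the pasv_min_port/pasv_max_port range, and report every LIST that never receives a control-channel reply. The function names are hypothetical, the answered session in the sample is constructed, and sessions are assumed not to be interleaved.

```python
import re

# Constructed sample in the format of the vsftpd protocol log quoted in the question.
# The middle session (a LIST that is answered) is invented here for contrast.
SAMPLE_LOG = '''\
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,111)."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:27 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,106)."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "226 Directory send OK."
Tue Jan  2 21:22:42 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,112)."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
'''

EVENT = re.compile(r'FTP (command|response): Client "[^"]*", "(.*)"$')
PASV_REPLY = re.compile(r'^227 .*\((?:\d+,){4}(\d+),(\d+)\)')

def pasv_port(reply):
    """Data port advertised in a 227 reply: high byte * 256 + low byte."""
    m = PASV_REPLY.match(reply)
    return int(m.group(1)) * 256 + int(m.group(2)) if m else None

def unanswered_lists(log_text, pasv_min, pasv_max):
    """Return one finding per LIST that never got a control-channel reply.
    Assumes sessions are not interleaved, so CONNECT marks a new session."""
    findings, port, pending = [], None, None
    for line in log_text.splitlines() + ["CONNECT:"]:  # sentinel closes the last session
        if "CONNECT:" in line:
            if pending:
                findings.append(pending)
            port, pending = None, None
            continue
        m = EVENT.search(line.rstrip())
        if not m:
            continue
        kind, text = m.groups()
        if kind == "response":
            port = pasv_port(text) or port
            pending = None  # any reply after LIST means the server answered
        elif text == "LIST":
            in_range = port is not None and pasv_min <= port <= pasv_max
            pending = {"port": port, "in_range": in_range}
    return findings
```

Called as `unanswered_lists(SAMPLE_LOG, 10090, 10100)`, it reports the silent LISTs on ports 10095 and 10096, both inside the range that the ufw rules allow. That matches the observation that `ufw disable` changed nothing and points at the server side rather than the firewall.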