我已经设置FTP服务器(Ubuntu 13.04 / Picuntu 4.4)使用vsftpd。普通的 FTP 工作得很好。为了确保连接安全,我添加了安全套接字加密。客户端接受证书后,服务器接受登录凭据。然而,在客户端接受证书后,客户端出现了问题LIST命令。
FTP 客户端日志在这里:
Status: Resolving address of my_website.info Status: Connecting to 93.123.456.789:21... Status: Connection established, waiting for welcome message... Response: 220 Welcome to My Website. Command: AUTH TLS Response: 234 Proceed with negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER ftpuser1 Status: TLS/SSL connection established. Response: 331 Please specify the password. Command: PASS ****** Response: 230 Login successful. Command: SYST Response: 215 UNIX Type: L8 Command: FEAT Response: 211-Features: Response: AUTH TLS Response: EPRT Response: EPSV Response: MDTM Response: PASV Response: PBSZ Response: PROT Response: REST STREAM Response: SIZE Response: TVFS Response: UTF8 Response: 211 End Command: OPTS UTF8 ON Response: 200 Always in UTF8 mode. Command: PBSZ 0 Response: 200 PBSZ set to 0. Command: PROT P Response: 200 PROT now Private. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" Command: TYPE I Response: 200 Switching to Binary mode. Command: PASV Response: 227 Entering Passive Mode (93,123,456,789,11,200). Command: LIST Response: 150 Here comes the directory listing. Error: Connection timed out Error: Failed to retrieve directory listing
-- 我在许多论坛上搜索了有关此问题的信息,但找不到任何解决方案。经过多日的反复尝试,我在这里寻求一些指导。连接是被动的,服务器明确指定客户端的外部 IP 地址,并指定一个狭窄范围内的端口,即 3000-3030 VSFTPD 配置文件在这里:
listen=YES anonymous_enable=NO local_enable=YES chroot_local_user=YES chroot_list_enable=NO pam_service_name=ftp check_shell=NO ftpd_banner=Welcome to my website. userlist_enable=YES userlist_deny=NO max_clients=5 max_per_ip=2 pasv_enable=YES pasv_min_port=3000 pasv_max_port=3030 pasv_address=93.123.4xx.7xx # (external IP address of the server) pasv_addr_resolve=NO write_enable=NO ssl_enable=YES force_local_logins_ssl=YES force_local_data_ssl=YES ssl_tlsv1=YES rsa_cert_file=/etc/ssl/vsftpd/vsftpd.pem rsa_private_key_file=/etc/ssl/vsftpd/vsftpd.pem
我在路由器中设置了正确的端口转发,即端口 21 以及 3000-3030 范围内的端口都转发到服务器机器。此外,每当我尝试从任何位置连接到服务器时,我都可以看到服务器分配的端口在 3000-3030 范围内(例如,在上面的消息中 11*256+200=3016!)