ProFTPd access denied on the LAN interface

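I'm running into this super weird access-denied problem on my home FTP server. The symptom is that I can only access it through the wireless interface. When I disable Wifi and use Ethernet, my access is denied.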

NcFTP 3.2.5 (Feb 02, 2011) by Mike Gleason (http://www.NcFTP.com/contact/).
ncftp> debug 1
ncftp> open 192.168.1.134
> open 192.168.1.134

LibNcFTP 3.2.5 (January 17, 2011) compiled for linux-x86_64-glibc2.21                                                                                                                                                                                                           
Uname: Linux|Korhal|4.4.0-87-generic|#110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017|x86_64
Contents of /etc/debian_version:
  stretch/sid
Contents of /etc/issue:
  Ubuntu 16.04.3 LTS \n \l
Glibc: 2.23 (stable)
Remote server is running ProFTPD.

ProFTPD 1.3.4d Server (foxnfish FTP Server) [::ffff:192.168.1.134]
220: ProFTPD 1.3.4d Server (foxnfish FTP Server) [::ffff:192.168.1.134]                                                                                                                                                                                                         
Connected to 192.168.1.134.
Cmd: USER anonymous
331: Anonymous login ok, send your complete email address as your password
Cmd: PASS NcFTP@
530: Access denied
Access denied
Cmd: QUIT
221: Goodbye.

Output of my ifconfig

enp0s25   Link encap:Ethernet  HWaddr 00:1c:25:78:d5:06  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: **** Scope:Link
          inet6 addr: **** Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29531724 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4256164 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:42081203522 (42.0 GB)  TX bytes:851356778 (851.3 MB)
          Interrupt:20 Memory:fe200000-fe220000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:198 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:16160 (16.1 KB)  TX bytes:16160 (16.1 KB)

wls3      Link encap:Ethernet  HWaddr 00:1f:3b:04:58:59  
          inet addr:192.168.1.143  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: **** Scope:Global
          inet6 addr: **** Scope:Link
          inet6 addr: ****/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:303586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157656 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:452487811 (452.4 MB)  TX bytes:15696186 (15.6 MB)

Proftpd configuration file

ServerName "foxnfish FTP Server"
ServerType standalone
DefaultServer on
DefaultAddress foxnfish
UseIPv6 on
Port 21
User nobody
Group nogroup
Umask 000 000
SyslogFacility ftp
MultilineRFC2228 off
DisplayLogin /var/run/proftpd/proftpd.motd
DeferWelcome off
TimeoutIdle 600
TimeoutLogin 300
TimeoutNoTransfer 300
TimeoutStalled 3600
MaxInstances none
MaxClients 5
MaxConnectionsPerHost 10
MaxLoginAttempts  1
DefaultTransferMode ascii
IdentLookups off
UseReverseDNS off

<Limit LOGIN>
  AllowGroup ftp
  DenyAll
</Limit>

<Global>
  RequireValidShell off
  DefaultRoot ~ !wheel
  AllowOverwrite on
  DeleteAbortedStores off
  TimesGMT off
</Global>

<IfModule mod_ban.c>
  BanEngine off
  BanControlsACLs all allow group wheel
  BanLog /var/log/proftpd/ban.log
  BanMessage Host %a has been banned
  BanTable /var/run/proftpd/ban.tab
</IfModule>

<IfModule mod_delay.c>
  DelayEngine on
  DelayTable "/var/run/proftpd/proftpd.delay"
</IfModule>

<IfModule mod_wrap.c>
  TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
  TCPAccessSyslogLevels info warn
  TCPServiceName ftpd
</IfModule>

/etc/hosts.allow

#ftpd  : xxx.xxx.xxx.xxx : deny
#sshd : .example.com : deny
#in.tftpd : xxx.xxx.xxx.xxx : deny
#bsnmpd : xxx.xxx.xxx.xxx : deny
ALL : ALL : allow

/etc/hosts.deny is empty

What could be wrong?

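Answer 1

Thanks to @wurtel for the hint. I checked the ProFTPD configuration file and found that there are two files named hosts.allow and hosts.deny. The contents of these two files look innocent, though.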

/etc/hosts.allow

#ftpd  : xxx.xxx.xxx.xxx : deny
#sshd : .example.com : deny
#in.tftpd : xxx.xxx.xxx.xxx : deny
#bsnmpd : xxx.xxx.xxx.xxx : deny
ALL : ALL : allow

/etc/hosts.deny is empty

When I checked the server logs further, I noticed these error log entries.

Feb 18 21:51:55 foxnfish proftpd[19657]: 192.168.1.134 (192.168.1.2[192.168.1.2]) - mod_wrap/1.2.4: using access files: /etc/hosts.allow, /etc/hosts.deny 
Feb 18 21:51:55 foxnfish proftpd[19657]: 192.168.1.134 (192.168.1.2[192.168.1.2]) - mod_wrap/1.2.4: refused connection from ::ffff:192.168.1.2 
Feb 18 21:54:15 foxnfish proftpd[19659]: 192.168.1.134 (192.168.1.146[192.168.1.146]) - mod_wrap/1.2.4: using access files: /etc/hosts.allow, /etc/hosts.deny 
Feb 18 21:54:15 foxnfish proftpd[19659]: 192.168.1.134 (192.168.1.146[192.168.1.146]) - mod_wrap/1.2.4: allowed connection from iMac.xxx.xxx.xxx.net 

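So, for my wireless connection, my source address is resolved in the form of a local-domain hostname. But when connecting from Ethernet, my source address is some weird IP. I guess it doesn't match hosts.allow.

Since this is an embedded Nas4Free build, I can't really modify the hosts.allow file. The quick solution is to turn off proftpd_modwrap_enable completely.

For those using ProFTPD on Nas4Free, you can turn this module off by setting proftpd_modwrap_enable to NO under System|Advanced|rc.conf.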
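
An added example, not part of the original post or of ProFTPD: a small Python parser for the mod_wrap log lines quoted in the answer. It reports the form in which mod_wrap logged each client, which here is an IPv4-mapped IPv6 literal for the refused Ethernet client and a resolved hostname for the allowed one. The function and field names are hypothetical; the sample lines are copied from the answer.

```python
import ipaddress
import re

# Log lines copied from the answer above (hostname redaction kept as posted).
SAMPLE_LOG = """\
Feb 18 21:51:55 foxnfish proftpd[19657]: 192.168.1.134 (192.168.1.2[192.168.1.2]) - mod_wrap/1.2.4: using access files: /etc/hosts.allow, /etc/hosts.deny
Feb 18 21:51:55 foxnfish proftpd[19657]: 192.168.1.134 (192.168.1.2[192.168.1.2]) - mod_wrap/1.2.4: refused connection from ::ffff:192.168.1.2
Feb 18 21:54:15 foxnfish proftpd[19659]: 192.168.1.134 (192.168.1.146[192.168.1.146]) - mod_wrap/1.2.4: using access files: /etc/hosts.allow, /etc/hosts.deny
Feb 18 21:54:15 foxnfish proftpd[19659]: 192.168.1.134 (192.168.1.146[192.168.1.146]) - mod_wrap/1.2.4: allowed connection from iMac.xxx.xxx.xxx.net
"""

# Session prefix "(rdns[ip])" followed by the mod_wrap verdict and logged identity.
LINE_RE = re.compile(
    r"proftpd\[(?P<pid>\d+)\]: \S+ \((?P<rdns>[^\[\]]+)\[(?P<ip>[^\]]+)\]\) - "
    r"mod_wrap/\S+: (?P<verdict>refused|allowed) connection from (?P<ident>\S+)"
)

def classify(ident):
    """Describe the form of the client identity that mod_wrap logged."""
    try:
        addr = ipaddress.ip_address(ident)
    except ValueError:
        return "hostname", None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return "ipv4-mapped-ipv6", str(addr.ipv4_mapped)
    return f"ipv{addr.version}", str(addr)

def mod_wrap_decisions(log_text):
    """Return one record per mod_wrap allow/refuse line."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. the "using access files" lines
        form, plain = classify(m["ident"])
        out.append({
            "pid": int(m["pid"]),
            "session_ip": m["ip"],
            "verdict": m["verdict"],
            "evaluated_as": m["ident"],
            "form": form,
            # True when the logged identity is the session IP in another notation
            "same_host": plain == m["ip"],
        })
    return out

if __name__ == "__main__":
    for rec in mod_wrap_decisions(SAMPLE_LOG):
        print(rec)
```

Run over the full log, it shows whether refusals are limited to clients logged in the `::ffff:` form.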
