I set up proftpd to use SSL/TLS. When I try to connect, I get "Illegal PORT command":
Finding Host xxx.nl ...
Connecting to xxx.xxx.xxx.xxx:21
Connected to xxx.xxx.xxx.xxx:21 in 0.018001 seconds, Waiting for Server Response
Initializing SSL Session ...
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
SSL session NOT set for reuse
SSL Session Started.
Host type (1): AUTO
USER xxx
331 Password required for xxx
PASS (hidden)
230 User xxx logged in
SYST
215 UNIX Type: L8
Host type (2): Unix (Standard)
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
PWD
257 "/" is the current directory
CWD /var/www/html/
250 CWD command successful
PWD
257 "/var/www/html/" is the current directory
TYPE A
200 Type set to A
PORT 192,168,192,14,211,181
500 Illegal PORT command
Port failed 500 Illegal PORT command
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,160,151).
connecting data channel to xxx.xxx.xxx.xxx:160,151(41111)
Failed to connect data channel to xxx.xxx.xxx.xxx:160,151(41111)
iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere /* 000 accept all icmp */
ACCEPT all -- anywhere anywhere /* 001 accept all to lo interface */
REJECT all -- anywhere loopback/8 /* 002 reject local traffic not on loopback interface */ reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere /* 003 accept all to eth1 interface */
ACCEPT all -- anywhere anywhere /* 004 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport ports ftp /* 021 allow ftp. */
ACCEPT tcp -- anywhere anywhere multiport ports ssh /* 022 allow ssh. */
ACCEPT tcp -- anywhere anywhere multiport ports smtp /* 025 allow smtp. */
ACCEPT tcp -- anywhere anywhere multiport ports pharos /* 051 allow rundeck. */
ACCEPT tcp -- anywhere anywhere multiport ports 8140 /* 814 allow puppetserver. */
ACCEPT tcp -- anywhere anywhere multiport ports http /* 080 allow http. */
ACCEPT tcp -- anywhere anywhere multiport ports https /* 443 allow https. */
DROP all -- anywhere anywhere /* 999 drop all */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
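Connecting over plain FTP works fine...
I am using WS_FTP with ftp-authssl://xxx.nl/.... I tried several other connection options, ports, etc., but all of them give the same error. Sometimes the first directory listing does seem to be displayed (but that may be WS_FTP's cache).
I also posted the question on SuperUser and got an answer there: I added the following to proftpd.conf: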
PassivePorts 49152 65534
TLSOptions NoSessionReuseRequired
For PassivePorts, see http://proftpd.org/docs/directives/linked/config_ref_PassivePorts.html
For TLSOptions, see http://www.proftpd.org/docs/howto/TLS.html (based on some log messages from WS_FTP, I figured that NoSessionReuseRequired should help).
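
Added example, not part of the original post: a small Python check that decodes the PORT and 227 tuples from the session log and tests the resulting data port against the posted INPUT chain. Assumptions: 203.0.113.10 is a placeholder for the masked server address, pharos is taken as TCP 4443, and FIXED_RULES assumes the firewall is also opened for the PassivePorts range.

```python
import ipaddress
import re

# Constructed sample: the data-channel lines of the session log, with the
# documentation address 203.0.113.10 standing in for the masked server IP.
SAMPLE_LOG = """\
PORT 192,168,192,14,211,181
500 Illegal PORT command
PASV
227 Entering Passive Mode (203,0,113,10,160,151).
"""

# Inbound TCP ports the posted INPUT chain accepts before "999 drop all":
# ftp, ssh, smtp, pharos (4443), 8140, http, https.
POSTED_RULES = [(p, p) for p in (21, 22, 25, 4443, 8140, 80, 443)]
# Assumption: the firewall is also opened for the PassivePorts range.
FIXED_RULES = POSTED_RULES + [(49152, 65534)]

TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode(line):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None."""
    m = TUPLE.search(line)
    if m is None:
        return None
    *host, p1, p2 = map(int, m.groups())
    return ".".join(map(str, host)), p1 * 256 + p2

def diagnose(log, rules):
    """Classify each PORT command and 227 reply found in an FTP session log."""
    findings = []
    for line in log.splitlines():
        endpoint = decode(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        if line.startswith("PORT"):
            # Active mode: the server dials the client at this address.
            private = ipaddress.ip_address(ip).is_private
            findings.append(("active", port, "private-address" if private else "ok"))
        elif line.startswith("227"):
            # Passive mode: the client dials the server. Under TLS the 227
            # reply is encrypted, so a conntrack FTP helper cannot read it;
            # only an explicit ACCEPT rule lets the data connection in.
            ok = any(lo <= port <= hi for lo, hi in rules)
            findings.append(("passive", port, "allowed" if ok else "dropped"))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, POSTED_RULES):
        print(finding)
```

Port 41111 from the log falls outside every accepted port, so the data connection is dropped; once PassivePorts pins the server to 49152-65534, a matching ACCEPT rule for that range is what lets it through.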