請大家幫忙看看我的ProFTPd怎麼不能用ls?
為了方便測試,我是在VMware下安裝CentOS 5.1。已經停止了iptables.
可以使用cd, pwd, mkdir等,但是不能使用ls, put, get
安裝:
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
tar xvfz proftpd-1.3.1.tar.gz
cd proftpd-1.3.1/
./configure --sysconfdir=/etc
make
make install
cd ..
ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd
proftpd.conf文件內容:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
# Use this to excude users from the chroot
DefaultRoot ~ !adm
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
# LoadModule mod_sql.c
# LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
#</IfModule>
# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
直接登錄到CentOS伺服器測試,沒有問題。
虛擬機器的IP: 192.168.102.133
ftp 192.168.102.133
Connected to 192.168.102.133.
220 FTP Server ready.
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (192.168.102.133:root): testhost
331 Password required for testhost.
Password:
230 User testhost logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd public_html
250 CWD command successful
ftp> pwd
257 "/public_html" is current directory.
ftp> ls
227 Entering Passive Mode (192,168,102,133,12,227).
150 Opening ASCII mode data connection for file list
drwxr-x--- 3 testhost testhost 4096 Feb 23 20:45 .
drwxr-x--- 10 testhost testhost 4096 Feb 23 20:45 ..
lrwxrwxrwx 1 root root 31 Feb 23 20:45 awstats-icon -> /usr/local/awstats/wwwroot/icon
lrwxrwxrwx 1 root root 31 Feb 23 20:45 icon -> /usr/local/awstats/wwwroot/icon
drwxr-xr-x 2 testhost testhost 4096 Feb 28 10:25 stats
226 Transfer complete.
ftp> quit
221 Goodbye.
但是如果直接在Windows下,就不能使用ls命令了
C:\>ftp 192.168.102.133
Connected to 192.168.102.133.
220 FTP Server ready.
User (192.168.102.133:(none)): testhost
331 Password required for testhost.
Password:
230 User testhost logged in.
ftp> mkdir ttt
257 "/ttt" - Directory successfully created
ftp> cd ttt
250 CWD command successful
ftp> pwd
257 "/ttt" is current directory.
ftp> cd /public_html
250 CWD command successful
ftp> ls
200 PORT command successful
出現200 PORT command successful后,就一直不返回了。
不知道是什麼原因,請高手指點。謝謝
[ 本帖最後由 lwbbs 於 2008-2-29 09:13 編輯 ]
《解決方案》
原帖由 lwbbs 於 2008-2-29 09:10 發表 http://bbs.chinaunix.net/images/common/back.gif
為了方便測試,我是在VMware下安裝CentOS 5.1。已經停止了iptables.
可以使用cd, pwd, mkdir等,但是不能使用ls, put, get
執行 iptables-save 這個命令後輸出哪些內容呢?
--
《解決方案》
下面是輸出內容。不過我用了 service iptables stop
也不行。
# Generated by iptables-save v1.3.5 on Wed Mar 5 04:38:24 2008
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:RH-Firewall-1-INPUT -
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Mar 5 04:38:24 2008
原帖由 kenduest 於 2008-3-6 03:37 發表 http://bbs.chinaunix.net/images/common/back.gif
執行 iptables-save 這個命令後輸出哪些內容呢?
--
《解決方案》
那很明顯你的 firewall 設定並沒真的關閉呢...
/etc/init.d/iptables stop 暫時關閉 firewall 後即可正常。
若你要用 rh 內建的 firewall 設定然後允許 port 21 ftp 可正常運作,請設定允許 port 21 可以用以外,順便改 /etc/sysconfig/iptables 的內容,開啟載入 ip_conntrack_ftp 即可。
其他資訊不妨可以參考 iptables faq:
http://linux.chinaunix.net/bbs/thread-812400-1-1.html
--
《解決方案》
我已經用service iptables stop把防火牆給關了,但是結果還是一樣的。
因為我能FTP登錄只是不能用ls,get,put命令。mkdir命令都可以用。
原帖由 kenduest 於 2008-3-6 13:36 發表 http://bbs.chinaunix.net/images/common/back.gif
那很明顯你的 firewall 設定並沒真的關閉呢...
/etc/init.d/iptables stop 暫時關閉 firewall 後即可正常。
若你要用 rh 內建的 firewall 設定然後允許 port 21 ftp 可正常運作,請設定允許 port 21 可以 ...
《解決方案》
那麻煩請你砍掉 /etc/sysconfig/iptables 檔案後 reboot 確認狀態。另外請參考該 faq 可以使用手動方式清空所有的 firewall rule 設定。
--
《解決方案》
去掉了iptables* 和 ip6tables*,reboot后還是不行。
原帖由 kenduest 於 2008-3-8 04:58 發表 http://bbs.chinaunix.net/images/common/back.gif
那麻煩請你砍掉 /etc/sysconfig/iptables 檔案後 reboot 確認狀態。另外請參考該 faq 可以使用手動方式清空所有的 firewall rule 設定。
--
《解決方案》
1. 請問你去掉了哪些設定?把流程說出來一下
2. 執行 /etc/init.d/iptables stop 後執行 iptables-save 還是看到一堆 firewall 設定,請問你真的確定嗎 ?
您有描述錯誤還是我的理解有誤呢 ? 還有一個問題您一直無法回答, 既然 firewall rule 是你自己設定的, 你又怎麼會不知道你是設定在哪邊呢, 這樣似乎有點誇張 :shock:
所以是不是要先確認你系統實際的 firewall rule 寫在哪邊呢 ? 比方你是不是自己寫在 /etc/rc.local 有一份 rule 呢.
--
[ 本帖最後由 kenduest 於 2008-3-12 22:16 編輯 ]