23,216
社区成员
发帖
与我相关
我的任务
分享虚拟机搭建vsftpd外网访问遭遇了一个很怪的问题 求解!
我用VMware虚拟机上的Centos6.5搭建了一个FTP服务器,虚拟机的联网方式为NAT,并且在虚拟网络编辑器中的NAT设置中做好了端口映射,将本实体机的端口映射至虚拟机的端口。
实体机的局域网IP为192.168.1.100 虚拟机的IP是192.168.136.132
这时我在实体机上使用FlashFTP登录192.168.1.100,可以顺利登录虚拟机的FTP
下一步我想在外网也能登录虚拟机的FTP,我在路由上映射了21端口,将公网IP及端口映射至192.168.1.100,使用FlashFTP登录发现可以登录,但是无法拉取文件列表,错误信息如下
[17:02:03] [L] 正在连接到 118.132.*.* -> IP=118.132.*.* PORT=21
[17:02:03] [L] 已连接到 118.132.*.*
[17:02:03] [L] 220 (vsFTPd 2.2.2)
[17:02:03] [L] USER root
[17:02:03] [L] 331 Please specify the password.
[17:02:03] [L] PASS (hidden)
[17:02:03] [L] 230 Login successful.
[17:02:03] [L] SYST
[17:02:03] [L] 215 UNIX Type: L8
[17:02:03] [L] FEAT
[17:02:03] [L] 211-Features:
[17:02:04] [L] EPRT
[17:02:04] [L] EPSV
[17:02:04] [L] MDTM
[17:02:04] [L] PASV
[17:02:04] [L] REST STREAM
[17:02:04] [L] SIZE
[17:02:04] [L] TVFS
[17:02:04] [L] UTF8
[17:02:04] [L] 211 End
[17:02:04] [L] OPTS UTF8 ON
[17:02:04] [L] 200 Always in UTF8 mode.
[17:02:04] [L] PWD
[17:02:04] [L] 257 "/root"
[17:02:04] [L] CWD /root
[17:02:04] [L] 250 Directory successfully changed.
[17:02:04] [L] PWD
[17:02:04] [L] 257 "/root"
[17:02:04] [L] PASV
[17:02:04] [L] 227 Entering Passive Mode ( 118,132,*,* ,5,77)
[17:02:04] [L] 正在打开数据连接 IP: 118.132.*.* 端口: 1357
[17:02:25] [L] 数据套接字错误: 连接已超时
[17:02:26] [L] 列表 错误
[17:02:26] [L] 以 PASV 模式连接失败,正在尝试 PORT 模式。
[17:02:26] [L] 正在侦听端口: 15519,正在等待连接。
[17:02:26] [L] PORT 192,168,1,100,60,159
[17:02:26] [L] 200 PORT command successful. Consider using PASV.
[17:02:26] [L] LIST -al
[17:02:28] [L] QUIT
[17:02:28] [L] 已注销: 118.132.*.* (持续时间: 25 秒)
[17:02:28] [L] 连接已取消
我使用相同方式映射的HTTP和SSH服务均无问题,使用公网IP可以使用
我查资料发现FTP服务需要双端口,于是在vsftpd.conf文件中,把FTP被动模式端口限制在3000-30001之间,如下配置
# Specifies the lowest possible port sent to the FTP clients for passive mode
# connections. This setting is used to limit the port range so that firewall
# rules are easier to create.
#
pasv_min_port=30000
#
# Specifies the highest possible port sent to the FTP clients for passive mode
# connections. This setting is used to limit the port range so that firewall
# rules are easier to create.
#
pasv_max_port=30001
并且使用上述方法在路由器和虚拟机上映射了30000,30001,20端口,现象依旧
请问这是怎么回事?谢谢
实体机的局域网IP为192.168.1.100 虚拟机的IP是192.168.136.132
这时我在实体机上使用FlashFTP登录192.168.1.100,可以顺利登录虚拟机的FTP
下一步我想在外网也能登录虚拟机的FTP,我在路由上映射了21端口,将公网IP及端口映射至192.168.1.100,使用FlashFTP登录发现可以登录,但是无法拉取文件列表,错误信息如下
[17:02:03] [L] 正在连接到 118.132.*.* -> IP=118.132.*.* PORT=21
[17:02:03] [L] 已连接到 118.132.*.*
[17:02:03] [L] 220 (vsFTPd 2.2.2)
[17:02:03] [L] USER root
[17:02:03] [L] 331 Please specify the password.
[17:02:03] [L] PASS (hidden)
[17:02:03] [L] 230 Login successful.
[17:02:03] [L] SYST
[17:02:03] [L] 215 UNIX Type: L8
[17:02:03] [L] FEAT
[17:02:03] [L] 211-Features:
[17:02:04] [L] EPRT
[17:02:04] [L] EPSV
[17:02:04] [L] MDTM
[17:02:04] [L] PASV
[17:02:04] [L] REST STREAM
[17:02:04] [L] SIZE
[17:02:04] [L] TVFS
[17:02:04] [L] UTF8
[17:02:04] [L] 211 End
[17:02:04] [L] OPTS UTF8 ON
[17:02:04] [L] 200 Always in UTF8 mode.
[17:02:04] [L] PWD
[17:02:04] [L] 257 "/root"
[17:02:04] [L] CWD /root
[17:02:04] [L] 250 Directory successfully changed.
[17:02:04] [L] PWD
[17:02:04] [L] 257 "/root"
[17:02:04] [L] PASV
[17:02:04] [L] 227 Entering Passive Mode ( 118,132,*,* ,5,77)
[17:02:04] [L] 正在打开数据连接 IP: 118.132.*.* 端口: 1357
[17:02:25] [L] 数据套接字错误: 连接已超时
[17:02:26] [L] 列表 错误
[17:02:26] [L] 以 PASV 模式连接失败,正在尝试 PORT 模式。
[17:02:26] [L] 正在侦听端口: 15519,正在等待连接。
[17:02:26] [L] PORT 192,168,1,100,60,159
[17:02:26] [L] 200 PORT command successful. Consider using PASV.
[17:02:26] [L] LIST -al
[17:02:28] [L] QUIT
[17:02:28] [L] 已注销: 118.132.*.* (持续时间: 25 秒)
[17:02:28] [L] 连接已取消
我使用相同方式映射的HTTP和SSH服务均无问题,使用公网IP可以使用
我查资料发现FTP服务需要双端口,于是在vsftpd.conf文件中,把FTP被动模式端口限制在3000-30001之间,如下配置
# Specifies the lowest possible port sent to the FTP clients for passive mode
# connections. This setting is used to limit the port range so that firewall
# rules are easier to create.
#
pasv_min_port=30000
#
# Specifies the highest possible port sent to the FTP clients for passive mode
# connections. This setting is used to limit the port range so that firewall
# rules are easier to create.
#
pasv_max_port=30001
并且使用上述方法在路由器和虚拟机上映射了30000,30001,20端口,现象依旧
请问这是怎么回事?谢谢
...全文
请发表友善的回复…
发表回复
