proftpd无法被局域网内其它机器连接

legaooagel_unix

我安装的是proftpd1.2.9.安装的时候就出现./configure的报错，'"can not compute sizeof short".后来查configure.log发现是gcc的-O选项的影响(据说是gcc 2.9.6以上的版本对Intel platform的优化存在bugs)。去掉configure的-O选项后，安装完毕，并按照sfz103的初学笔记和张微波的笔记进行了proftpd.conf的配置，如下：

1. 
   
2. # This is a basic ProFTPD configuration file (rename it to
   
3. # 'proftpd.conf' for actual use.  It establishes a single server
   
4. # and a single anonymous login.  It assumes that you have a user/group
   
5. # "nobody" and "ftp" for normal operation and anon.
   
6. 
   
7. ServerName                        "ProFTPD Default Installation"
   
8. ServerType                        standalone
   
9. DefaultServer                        on
   
10. 
    
11. # Port 21 is the standard FTP port.
    
12. Port                                21
    
13. 
    
14. # Umask 022 is a good standard umask to prevent new dirs and files
    
15. # from being group and world writable.
    
16. Umask                                022
    
17. 
    
18. # To prevent DoS attacks, set the maximum number of child processes
    
19. # to 30.  If you need to allow more than 30 concurrent connections
    
20. # at once, simply increase this value.  Note that this ONLY works
    
21. # in standalone mode, in inetd mode you should use an inetd server
    
22. # that allows you to limit maximum number of processes per service
    
23. # (such as xinetd).
    
24. MaxInstances                        30
    
25. 
    
26. # Set the user and group under which the server will run.
    
27. User                                nobody
    
28. Group                                nobody
    
29. 
    
30. # To cause every FTP user to be "jailed" (chrooted) into their home
    
31. # directory, uncomment this line.
    
32. DefaultRoot ~ftpusers
    
33. # Support retrieve
    
34.   AllowRetrieveRestart on
    
35. # Normally, we want files to be overwriteable.
    
36. <Directory />;
    
37.   AllowOverwrite                on
    
38.   AllowStoreRestart             on
    
39. </Directory>;
    
40. 
    
41. <Directory /home/kaoyan>;
    
42. <Limit WRITE>;
    
43. DenyUser kaoyan
    
44. </Limit>;
    
45. <Limit RMD RNFR DELE RETR>;
    
46. DenyUser upload
    
47. </Limit>;
    
48. TransferRate RETR 50 user kaoyan
    
49. TransferRate STOR 100 user upload
    
50. </Directory>;
    
51. # A basic anonymous configuration, no upload directories.  If you do not
    
52. # want anonymous users, simply delete this entire <Anonymous>; section.
    
53. <Anonymous ~ftp>;
    
54.   User                                ftp
    
55.   Group                                ftp
    
56. 
    
57.   # We want clients to be able to login with "anonymous" as well as "ftp"
    
58.   UserAlias                        anonymous ftp
    
59. 
    
60.   # Limit the maximum number of anonymous logins
    
61.   MaxClients                        10
    
62. 
    
63.   # We want 'welcome.msg' displayed at login, and '.message' displayed
    
64.   # in each newly chdired directory.
    
65.   DisplayLogin                        welcome.msg
    
66.   DisplayFirstChdir                .message
    
67. 
    
68.   # Limit WRITE everywhere in the anonymous chroot
    
69.   <Limit WRITE>;
    
70.     DenyAll
    
71.   </Limit>;
    
72. </Anonymous>;
    

复制代码

restart proftpd,用ps -A查看 有proftpd进程，用netstat -ln查看，端口21也开启了。但是在局域网内另一个机器(winXP)上，用leapftp登陆，显示错误是"Error:connection reset by peer".用C:\ftp连接，显示错误是“ftp:connect:未知错误”。在另一台linux上用ftp连接，显示错误是"ftp:connection refused".这么多错误到底是什么原因啊？stop proftpd后，用leapftp登陆，错误是一样的，好象proftpd就没启动似的，但用/sbin/service --status-all查看，结果如下：

1. 
   
2. anacron 已死，但是 subsys 被锁
   
3. atd (pid 3394) 正在运行...
   
4. 已配置的挂载点：
   
5. ------------------------
   
6. 
   
7. 活跃挂载点：
   
8. --------------------
   
9. crond (pid 3302) 正在运行...
   
10. cupsd (pid 3313) 正在运行...
    
11. gpm (pid 3284) 正在运行...
    
12. httpd 已停
    
13. 表格：filter
    
14. Chain INPUT (policy ACCEPT)
    
15. target     prot opt source               destination
    
16. RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
    
17. 
    
18. Chain FORWARD (policy ACCEPT)
    
19. target     prot opt source               destination
    
20. RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
    
21. 
    
22. Chain OUTPUT (policy ACCEPT)
    
23. target     prot opt source               destination
    
24. 
    
25. Chain RH-Lokkit-0-50-INPUT (2 references)
    
26. target     prot opt source               destination
    
27. ACCEPT     udp  --  dns.jlu.edu.cn       anywhere           udp spt:domain dpts:1025:65535
    
28. ACCEPT     all  --  anywhere             anywhere
    
29. REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    
30. REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    
31. REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
    
32. REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
    
33. REJECT     tcp  --  anywhere             anywhere           tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    
34. REJECT     tcp  --  anywhere             anywhere           tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    
35. irattach 已停
    
36. 该软件包无状态信息
    
37. lisa 已停
    
38. 配置设备：
    
39. lo eth0
    
40. 当前的活跃设备：
    
41. lo eth0
    
42. rpc.mountd 已停
    
43. nfsd 已停
    
44. rpc.rquotad 已停
    
45. rpc.statd (pid 3137) 正在运行...
    
46. nscd 已停
    
47. ntpd 已停
    
48. portmap (pid 3118) 正在运行...
    
49. proftpd (pid 4631) 正在运行...
    
50. 随机数据源已存在
    
51. saslauthd 已停
    
52. sendmail (pid 3274 3265) 正在运行...
    
53. smbd 已停
    
54. nmbd 已停
    
55. sshd (pid 3230) 正在运行...
    
56. syslogd (pid 3104) 正在运行...
    
57. klogd (pid 3108) 正在运行...
    
58. winbindd 已停
    
59. xfs (pid 3376) 正在运行...
    
60. xinetd (pid 3244) 正在运行...
    
61. ypbind 已停
    

复制代码

不知道这么多问题是什么原因造成的，希望有人能给点建议，十分感激。

wolfg

俺对iptables不熟，看不出来  
service iptables stop后试试看能不能连上

legaooagel_unix

wolfg,service iptables stop后果然可以连上了，用anymous也可以登陆，但是用配置的用户却不能。提示错误"530 login incorrect".在/etc下添加了ftpusers文件，并允许从其它机器上登陆，问题依旧，不知应该怎样修改配置文件。

wolfg

启动时加上-d选项可以看到更多的调试信息
proftpd -d9 -n

1. DefaultRoot ~ftpusers

复制代码

这句应该是这样的，你少了一个空格

1. DefaultRoot ~ ftpusers

复制代码

legaooagel_unix

wolfg,proftpd -d9 -n后的情况如下：

1. 
   
2. [root@localhost gaole1]# /etc/proftpd/sbin/proftpd -d9 -n
   
3. - parsing '/etc/proftpd/etc/proftpd.conf' configuration
   
4. - FS: using system open()
   
5. - FS: using system read()
   
6. - dispatching auth request "getpwnam" to module mod_auth_file
   
7. - dispatching auth request "getpwnam" to module mod_auth_unix
   
8. - dispatching auth request "getgrnam" to module mod_auth_file
   
9. - dispatching auth request "getgrnam" to module mod_auth_unix
   
10. - FS: using system read()
    
11. - <Directory />;: adding section for resolved path '/'
    
12. - <Directory /home/kaoyan>;: adding section for resolved path '/home/kaoyan'
    
13. - FS: using system read()
    
14. - FS: using system read()
    
15. - FS: using system close()
    
16. localhost.localdomain -
    
17. localhost.localdomain - Config for ProFTPD Default Installation:
    
18. localhost.localdomain - ~ftp/
    
19. localhost.localdomain -  Limit
    
20. localhost.localdomain -   DenyAll
    
21. localhost.localdomain -  UserName
    
22. localhost.localdomain -  GroupName
    
23. localhost.localdomain -  UserAlias
    
24. localhost.localdomain -  MaxClients
    
25. localhost.localdomain -  DisplayLogin
    
26. localhost.localdomain -  DisplayFirstChdir
    
27. localhost.localdomain -  Umask
    
28. localhost.localdomain -  AllowRetrieveRestart
    
29. localhost.localdomain - /
    
30. localhost.localdomain -  /home/kaoyan
    
31. localhost.localdomain -   Limit
    
32. localhost.localdomain -    DenyUser
    
33. localhost.localdomain -   Limit
    
34. localhost.localdomain -    DenyUser
    
35. localhost.localdomain -   TransferRate
    
36. localhost.localdomain -   TransferRate
    
37. localhost.localdomain -   AllowOverwrite
    
38. localhost.localdomain -   AllowStoreRestart
    
39. localhost.localdomain -   Umask
    
40. localhost.localdomain -   AllowRetrieveRestart
    
41. localhost.localdomain -  AllowOverwrite
    
42. localhost.localdomain -  AllowStoreRestart
    
43. localhost.localdomain -  Umask
    
44. localhost.localdomain -  AllowRetrieveRestart
    
45. localhost.localdomain - DefaultServer
    
46. localhost.localdomain - Umask
    
47. localhost.localdomain - UserID
    
48. localhost.localdomain - UserName
    
49. localhost.localdomain - GroupID
    
50. localhost.localdomain - GroupName
    
51. localhost.localdomain - DefaultRoot
    
52. localhost.localdomain - AllowRetrieveRestart
    
53. localhost.localdomain - dispatching auth request "getgroups" to module mod_auth_file
    
54. localhost.localdomain - dispatching auth request "getgroups" to module mod_auth_unix
    
55. localhost.localdomain - SETUP PRIVS at main.c:2704
    
56. localhost.localdomain - ROOT PRIVS at main.c:1956
    
57. localhost.localdomain - RELINQUISH PRIVS at main.c:1962
    
58. localhost.localdomain - ROOT PRIVS at main.c:2323
    
59. localhost.localdomain - opening scoreboard '/etc/proftpd/var/proftpd/proftpd.scoreboard'
    
60. localhost.localdomain - RELINQUISH PRIVS at main.c:2347
    
61. localhost.localdomain - ROOT PRIVS at inet.c:452
    
62. localhost.localdomain - RELINQUISH PRIVS at inet.c:510
    
63. localhost.localdomain - ProFTPD 1.2.9 (stable) (built 五 9月 16 19:36:32 CST 2005) standalone mode STARTUP
    
64. localhost.localdomain - ROOT PRIVS at main.c:2171
    
65. localhost.localdomain - RELINQUISH PRIVS at main.c:2177
    
66. localhost.localdomain - FS: using system lstat()
    
67. localhost.localdomain - scrubbing scoreboard
    
68. localhost.localdomain - ROOT PRIVS at mod_core.c:194
    
69. localhost.localdomain - RELINQUISH PRIVS at mod_core.c:201
    
70. localhost.localdomain - ROOT PRIVS at mod_core.c:223
    
71. localhost.localdomain - RELINQUISH PRIVS at mod_core.c:251
    
72. localhost.localdomain - FS: using system lstat()
    
73. localhost.localdomain - scrubbing scoreboard
    
74. localhost.localdomain - ROOT PRIVS at mod_core.c:194
    
75. localhost.localdomain - RELINQUISH PRIVS at mod_core.c:201
    
76. localhost.localdomain - ROOT PRIVS at mod_core.c:223
    
77. localhost.localdomain - RELINQUISH PRIVS at mod_core.c:251
    

复制代码

问题还在，我也看不出什么地方不对，还望指点。

wolfg

用户登录时debug信息出现什么？

legaooagel_unix

谢谢wolfg帮助，调试信息中提示"Invalid shell".将帐号的shell设置对，现在能登陆了。只是不知下面的提示是什么意思：

1. 
   
2. localhost.localdomain - FS: using system lstat()
   
3. localhost.localdomain - scrubbing scoreboard
   
4. localhost.localdomain - ROOT PRIVS at mod_core.c:194
   
5. localhost.localdomain - RELINQUISH PRIVS at mod_core.c:201
   
6. localhost.localdomain - ROOT PRIVS at mod_core.c:223
   
7. localhost.localdomain - RELINQUISH PRIVS at mod_core.c:251
   
8. localhost.localdomain - FS: using system lstat()
   
9. localhost.localdomain (10.50.27.56[10.50.27.56]) - dispatching PRE_CMD command 'NOOP' to mod_core
   
10. localhost.localdomain (10.50.27.56[10.50.27.56]) - dispatching PRE_CMD command 'NOOP' to mod_core
    
11. localhost.localdomain (10.50.27.56[10.50.27.56]) - dispatching CMD command 'NOOP' to mod_core
    
12. localhost.localdomain (10.50.27.56[10.50.27.56]) - dispatching LOG_CMD command 'NOOP' to mod_log
    

复制代码

wolfg

这些都是正常的调试信息吧，呵呵

legaooagel_unix

辛苦wolfg了，问题解决了，看来主要是iptables防火墙的影响。再次感谢。