fedora2的vsftpd问题？

laokan

fedora2自带的vsftpd需要怎么样配置防火墙？才能让如网络快车一类的下载工具正常使用。如果打开防火墙，就有问题，下不了

laokan

在setup中设置防火墙中级，打开ssh ftp www等端口，但是用ftp访问的时候出现了问题：在ie中可以下载，可是在网际快车中就是下不了，我感觉可能是防火墙的问题，把防火墙关了，就能下了，但是这样的配置在redhat9上使用的vsftp的配置就没问题呀？各位有遇到这个问题的么？
   有的话，帮帮我呀！

llzqq

把网际快车的PASV模式关掉试试，怀疑没给PASV开PORT

laokan

这个是vsftp的配置文件：不知道这是怎么的了
但是网际快车并不用64000以上的端口连接呀！、
还有这么弄在redhat9上是可以正常工作的呀！
多谢llzqq 斑竹的指教，烦请多给点意见

1. # Example config file /etc/vsftpd.conf
   
2. #
   
3. # The default compiled in settings are very paranoid. This sample file
   
4. # loosens things up a bit, to make the ftp daemon more usable.
   
5. #
   
6. # Allow anonymous FTP?
   
7. anonymous_enable=YES
   
8. #
   
9. # Uncomment this to allow local users to log in.
   
10. local_enable=YES
    
11. #
    
12. # Uncomment this to enable any form of FTP write command.
    
13. write_enable=YES
    
14. #
    
15. # Default umask for local users is 077. You may wish to change this to 022,
    
16. # if your users expect that (022 is used by most other ftpd's)
    
17. local_umask=022
    
18. #
    
19. # Uncomment this to allow the anonymous FTP user to upload files. This only
    
20. # has an effect if the above global write enable is activated. Also, you will
    
21. # obviously need to create a directory writable by the FTP user.
    
22. #anon_upload_enable=YES
    
23. #
    
24. # Uncomment this if you want the anonymous FTP user to be able to create
    
25. # new directories.
    
26. #anon_mkdir_write_enable=YES
    
27. #
    
28. # Activate directory messages - messages given to remote users when they
    
29. # go into a certain directory.
    
30. dirmessage_enable=YES
    
31. #
    
32. # Activate logging of uploads/downloads.
    
33. xferlog_enable=YES
    
34. #
    
35. # Make sure PORT transfer connections originate from port 20 (ftp-data).
    
36. connect_from_port_20=YES
    
37. #
    
38. # If you want, you can arrange for uploaded anonymous files to be owned by
    
39. # a different user. Note! Using "root" for uploaded files is not
    
40. # recommended!
    
41. #chown_uploads=YES
    
42. #chown_username=whoever
    
43. #
    
44. # You may override where the log file goes if you like. The default is shown
    
45. # below.
    
46. #xferlog_file=/var/log/vsftpd.log
    
47. #
    
48. # If you want, you can have your log file in standard ftpd xferlog format
    
49. xferlog_std_format=YES
    
50. #
    
51. # You may change the default value for timing out an idle session.
    
52. #idle_session_timeout=600
    
53. #
    
54. # You may change the default value for timing out a data connection.
    
55. #data_connection_timeout=120
    
56. #
    
57. # It is recommended that you define on your system a unique user which the
    
58. # ftp server can use as a totally isolated and unprivileged user.
    
59. #nopriv_user=ftpsecure
    
60. #
    
61. # Enable this and the server will recognise asynchronous ABOR requests. Not
    
62. # recommended for security (the code is non-trivial). Not enabling it,
    
63. # however, may confuse older FTP clients.
    
64. #async_abor_enable=YES
    
65. #
    
66. # By default the server will pretend to allow ASCII mode but in fact ignore
    
67. # the request. Turn on the below options to have the server actually do ASCII
    
68. # mangling on files when in ASCII mode.
    
69. # Beware that turning on ascii_download_enable enables malicious remote parties
    
70. # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    
71. # ASCII mode.
    
72. # These ASCII options are split into upload and download because you may wish
    
73. # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    
74. # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    
75. # on the client anyway..
    
76. #ascii_upload_enable=YES
    
77. #ascii_download_enable=YES
    
78. #
    
79. # You may fully customise the login banner string:
    
80. ftpd_banner=Welcome to Serv-U FTP service.
    
81. #
    
82. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    
83. # useful for combatting certain DoS attacks.
    
84. #deny_email_enable=YES
    
85. # (default follows)
    
86. #banned_email_file=/etc/vsftpd.banned_emails
    
87. #
    
88. # You may specify an explicit list of local users to chroot() to their home
    
89. # directory. If chroot_local_user is YES, then this list becomes a list of
    
90. # users to NOT chroot().
    
91. chroot_local_user=YES
    
92. #chroot_list_enable=YES
    
93. # (default follows)
    
94. #chroot_list_file=/etc/vsftpd.chroot_list
    
95. #
    
96. # You may activate the "-R" option to the builtin ls. This is disabled by
    
97. # default to avoid remote users being able to cause excessive I/O on large
    
98. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    
99. # the presence of the "-R" option, so there is a strong case for enabling it.
    
100. #ls_recurse_enable=YES
     
101. #local_max_rate=30000
     
102. pasv_max_port=65535
     
103. pasv_min_port=64000
     
104. max_per_ip=5
     
105. max_clients=600
     
106. pam_service_name=vsftpd
     
107. userlist_enable=YES
     
108. user_config_dir=/etc/vsftpd/vsftpd_user_conf
     
109. dirlist_enable=YES
     
110. #enable for standalone mode
     
111. listen=YES
     
112. tcp_wrappers=YES

复制代码

yunqing

Try to open ports used by PASV mode:

sudo /sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dports 64000:65535 -j ACCEPT

where eth0 is the inteface listening ftp connection.

laokan

多谢了!!