登陆vsftpd后提示425 Security: Bad IP connecting

cnhnln

机器在一个路由后面。路由上做的NAT，断口已经映射到vsftpd所在服务器
通过路由器的公网IP访问，能登陆，不能列目录、下载

1. 
   
2. [root@www vsftpd]# ftp 61.52.112.30 2121
   
3. Connected to 61.52.112.30.
   
4. 220 ▒▒ӭ▒▒▒ ▒▒FTP▒▒▒▒▒▒
   
5. 530 Please login with USER and PASS.
   
6. 530 Please login with USER and PASS.
   
7. KERBEROS_V4 rejected as an authentication type
   
8. Name (61.52.112.30:root): ftpuser
   
9. 331 Please specify the password.
   
10. Password:
    
11. 230 Login successful.
    
12. Remote system type is UNIX.
    
13. Using binary mode to transfer files.
    
14. ftp> ls
    
15. 227 Entering Passive Mode (192,168,0,9,195,83)
    
16. 425 Security: Bad IP connecting.
    
17. ftp> pwd
    
18. 257 "/"
    
19. ftp> size 1111
    
20. 213 0
    
21. ftp> get 1111
    
22. local: 1111 remote: 1111
    
23. 227 Entering Passive Mode (192,168,0,9,195,83)
    
24. 425 Security: Bad IP connecting.
    
25. ftp> bye
    
26. 221 Goodbye.
    

复制代码

但是直接在内网连vsftpd所在的服务器可以下载

1. 
   
2. [root@www vsftpd]# ftp 192.168.0.9 2121
   
3. Connected to 192.168.0.9.
   
4. 220 ▒▒ӭ▒▒▒ ▒▒FTP▒▒▒▒▒▒
   
5. 530 Please login with USER and PASS.
   
6. 530 Please login with USER and PASS.
   
7. KERBEROS_V4 rejected as an authentication type
   
8. Name (192.168.0.9:root): ftpuser
   
9. 331 Please specify the password.
   
10. Password:
    
11. 230 Login successful.
    
12. Remote system type is UNIX.
    
13. Using binary mode to transfer files.
    
14. ftp> pwd
    
15. 257 "/"
    
16. ftp> ls
    
17. 227 Entering Passive Mode (192,168,0,9,195,80)
    
18. 150 Here comes the directory listing.
    
19. -rw-rw-rw-    1 ftp      ftp             0 Feb 09 22:52 1111
    
20. drwxrwxrwx    2 ftp      ftp          4096 Feb 09 18:12 pub
    
21. 226 Directory send OK.
    
22. ftp> get 1111
    
23. local: 1111 remote: 1111
    
24. 227 Entering Passive Mode (192,168,0,9,195,82)
    
25. 150 Opening BINARY mode data connection for 1111 (0 bytes).
    
26. 226 File send OK.
    
27. ftp> bye
    
28. 221 Goodbye.

复制代码

这是我的vsftpd.conf

1. 
   
2. [root@www vsftpd]# cat vsftpd.conf
   
3. listen=YES
   
4. listen_port=2121
   
5. 
   
6. port_enable=NO
   
7. pasv_enable=YES
   
8. pasv_min_port=50000
   
9. pasv_max_port=50009
   
10. 
    
11. ascii_upload_enable=NO
    
12. ascii_download_enable=NO
    
13. 
    
14. idle_session_timeout=120
    
15. data_connection_timeout=120
    
16. accept_timeout=60
    
17. 
    
18. max_clients=100
    
19. max_per_ip=2
    
20. 
    
21. anonymous_enable=NO
    
22. anon_upload_enable=NO
    
23. anon_mkdir_write_enable=NO
    
24. anon_other_write_enable=NO
    
25. 
    
26. local_enable=YES
    
27. local_root=/home/vsftpdvirtual/
    
28. 
    
29. guest_enable=YES
    
30. guest_username=vsftpdvirtual
    
31. 
    
32. pam_service_name=vsftpd
    
33. userlist_enable=YES
    
34. userlist_file=/etc/vsftpd.user_list
    
35. userlist_deny=NO
    
36. tcp_wrappers=NO
    
37. 
    
38. #chroot_list_enable=YES
    
39. #chroot_list_file=/etc/vsftpd/chroot_list
    
40. ##chroot_local_users=NO
    
41. 
    
42. hide_ids=YES
    
43. ls_recurse_enable=NO
    
44. write_enable=YES
    
45. 
    
46. file_open_mode=0666
    
47. local_umask=022
    
48. 
    
49. ftpd_banner=▒▒ӭ▒▒▒ ▒▒FTP▒▒▒▒▒▒
    
50. banner_file=/etc/vsftpd/vsftpd_banner_file
    
51. dirmessage_enable=YES
    
52. 
    
53. xferlog_enable=YES
    
54. xferlog_file=/var/log/vsftpd.log
    
55. xferlog_std_format=NO
    
56. log_ftp_protocol=NO
    
57. 
    
58. setproctitle_enable=NO
    
59. #text_userdb_names=YES
    
60. use_localtime=YES
    

复制代码

这是我的vsftpd的pam配置文件

1. 
   
2. [root@www vsftpd]# cat /etc/pam.d/vsftpd
   
3. #%PAM-1.0
   
4. auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
   
5. #auth       required    pam_stack.so service=system-auth
   
6. #auth       required    pam_shells.so
   
7. #account    required    pam_stack.so service=system-auth
   
8. #session    required    pam_stack.so service=system-auth
   
9. #session    required     pam_loginuid.so
   
10. auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/account
    
11. account required /lib64/security/pam_userdb.so db=/etc/vsftpd/account
    

复制代码

ftp的根目录已经是所有人可读写执行

1. 
   
2. drwxrwxrwx  3 vsftpdvirtual vsftpdvirtual  4096  2月  9 23:05 vsftpdvirtual
   

复制代码

感觉还是虚拟用户、pam认证这一块出错了，但是不知道该怎么弄了，郁闷阿，谁来帮帮我。谢谢

[ 本帖最后由 cnhnln 于 2006-2-10 00:08 编辑 ]

wolfg

先看看ftp主动、被动方式的原理
http://bbs.chinaunix.net/forum/v ... 8980&show_type=

问题是外网连接时没法进入被动模式
227 Entering Passive Mode (192,168,0,9,195,83)
425 Security: Bad IP connecting.

看到没有，vsftpd返回的是内网IP
这个要在vsftpd.conf里设置成你的nat后的ip
pasv_address＝61.52.112.30

参考: http://vsftpd.beasts.org/vsftpd_conf.html里这几个选项
pasv_enable
pasv_max_port
pasv_min_port
pasv_address

cnhnln

谢谢您，不过还是不行啊

1. 
   
2. [root@www vsftpd]# nano vsftpd.conf
   
3. [root@www vsftpd]# /etc/init.d/vsftpd restart
   
4. 关闭 vsftpd：                                              [  确定  ]
   
5. 为 vsftpd 启动 vsftpd：                                    [  确定  ]
   
6. [root@www vsftpd]# ftp 61.52.112.30 2121
   
7. Connected to 61.52.112.30.
   
8. 220 ▒▒ӭ▒▒▒ ▒▒FTP▒▒▒▒▒▒
   
9. 530 Please login with USER and PASS.
   
10. 530 Please login with USER and PASS.
    
11. KERBEROS_V4 rejected as an authentication type
    
12. Name (61.52.112.30:root): ftpuser
    
13. 331 Please specify the password.
    
14. Password:
    
15. 230 Login successful.
    
16. Remote system type is UNIX.
    
17. Using binary mode to transfer files.
    
18. ftp> ftp
    
19. ?Invalid command
    
20. ftp> pwd
    
21. 257 "/"
    
22. ftp> ls
    
23. 227 Entering Passive Mode (61,52,112,30,195,87)
    
24. ftp: connect: Connection refused
    
25. ftp> size 1111
    
26. 213 0
    
27. ftp> cd pub
    
28. 250 Directory successfully changed.
    
29. ftp> pwd
    
30. 257 "/pub"
    
31. ftp> ls
    
32. 227 Entering Passive Mode (61,52,112,30,195,84)
    
33. ftp: connect: Connection refused
    
34. ftp> bye
    
35. 221 Goodbye.
    

复制代码

这是在服务器上登陆的，一样还是错误。而且改过以后用内网IP登陆也不能列目录了，改之前用内网IP是可以的。会不会是路由器上的问题啊？（路由器上已经映射过端口了）

1. 
   
2. [root@www vsftpd]# ftp 192.168.0.9 2121
   
3. Connected to 192.168.0.9.
   
4. 220 ▒▒ӭ▒▒▒ www.linuxdown.org ▒▒FTP▒▒▒▒▒▒
   
5. 530 Please login with USER and PASS.
   
6. 530 Please login with USER and PASS.
   
7. KERBEROS_V4 rejected as an authentication type
   
8. Name (192.168.0.9:root): ftpuser
   
9. 331 Please specify the password.
   
10. Password:
    
11. 230 Login successful.
    
12. Remote system type is UNIX.
    
13. Using binary mode to transfer files.
    
14. ftp> ls
    
15. 227 Entering Passive Mode (61,52,112,30,195,82)
    
16. 425 Security: Bad IP connecting.
    
17. ftp> cd pub
    
18. 250 Directory successfully changed.
    
19. ftp> ls
    
20. 227 Entering Passive Mode (61,52,112,30,195,84)
    
21. ftp: connect: Connection refused
    
22. ftp> bye
    
23. 221 Goodbye.
    

复制代码

[ 本帖最后由 cnhnln 于 2006-2-10 18:07 编辑 ]