Ftp

FTP PASV 返回廣播地址

  • November 7, 2016

我正在嘗試使用 Ubuntu 16.04 伺服器在家中配置 FTP 伺服器,但 PASV 存在問題。我不能讓它返回我的外部 IP。

ftp測試器的輸出:

Status: Resolving address of dns. ... .net
Status: Connecting to xx.xxx.xxx.xxx
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220 (vsFTPd 3.0.3)
Command: CLNT https://ftptest.net on behalf of xx.xxx.xxx.xxx
Reply: 530 Please login with USER and PASS.
Command: AUTH TLS
Reply: 234 Proceed with negotiation.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=PT,ST=Some-State,O=Internet Widgits Pty Ltd,EMAIL=admin@... .net' issuer='C=PT,ST=Some-State,O=Internet Widgits Pty Ltd,EMAIL=admin@... .net'
Command: USER home
Reply: 331 Please specify the password.
Command: PASS ********
Reply: 230 Login successful.
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Features:
Reply: AUTH TLS
Reply: EPRT
Reply: EPSV
Reply: MDTM
Reply: PASV
Reply: PBSZ
Reply: PROT
Reply: REST STREAM
Reply: SIZE
Reply: TVFS
Reply: 211 End
Warning: The server does not indicate MLSD support. MLSD uses a well-specified listing format. Without MLSD, directory listings have to be obtained using LIST which uses an unspecified output format.
Command: PBSZ 0
Reply: 200 PBSZ set to 0.
Command: PROT P
Reply: 200 PROT now Private.
Command: PWD
Reply: 257 "/home/home" is the current directory
Status: Current path is /home/home
Command: TYPE I
Reply: 200 Switching to Binary mode.
Command: PASV
Reply: 227 Entering Passive Mode (0,0,0,0,90,101).
Error: Server returned broadcast address in PASV reply

這是我在配置文件中更改的內容:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_enable=Yes
pasv_max_port=1050
pasv_min_port=1040
pasv_address=xx.xx.xx.xx <- my wan IP

我正在為華碩 RT-AC66U (WRT Merlin) 使用自定義路由器韌體,並更新到昨天發布的更新版本。它現在正在工作。

使用pasv_address配置您的外部 IP 地址。

請參閱https://security.appspot.com/vsftpd/vsftpd_conf.html

引用自:https://serverfault.com/questions/813466