EnderUNIX Team.


EnderUNIX İpucu

Arkadaşıma gönder , Ana Sayfa

[ FTP ]

"VSFTPD Firewall arkasindan Pasif mod ayarlari" - Huzeyfe Önal - (2006-04-12 23:10:48)   [4631]

FTP protokolu dogasi geregi Firewall'lar ile pek anlasamaz.. VSFTPD ile pasif mod ftp'de belirtebilecegimiz bazi degerler


pasif ftp port araligi;

pasv_max_port=60000
pasv_min_port=40000

bu degerlerler ile istemciye hangi port araliklarindan pasif ftp yapacagi soylenir. Fakat ftp sunucu NAT yapan bir Firewall arkasinda ise pasif ftp portunu gonderirken kendi local IPsini de gonderir. IStemci ise ftp sunucunun gercek olmayan IP adresine baglanmaya calisir. Bunu engellemek icin FTP sunucularda Pasif_FTP icin hangi IP adresini gonderecegi belirtilir.

Ornek;
...
SYST

Command: PASV
Response: 227 Entering Passive Mode (172,16,10,2,237,27)
Command: TYPE A
Response: 200 Switching to ASCII mode.
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing



VSFTP icin bu deger;
pasv_address=x.y.z.t

pasv_address — Specifies the IP address for the public facing IP address of the server for servers behind Network Address Translation (NAT) firewalls. This enables vsftpd to hand out the correct return address for passive mode connections.




Arkadaşıma gönder , Ana Sayfa