vsftpd 的連線錯誤><

**yowck1983** · 2006-04-15, 10:59 PM

各位大大請問一下小弟連ftp時出現下列錯誤請幫幫我解決
錯誤> 無法連到遠端伺服器。Socket 錯誤 = #10065。
錯誤> PASV已失敗，正在嘗試 PORT 。
請問一下這是什麼問題?

**core** · 2006-04-16, 11:16 AM

vsftp 在 firewall 裡面嗎 ? 關掉pasv , 設定pasv port 的範圍。

vi vsftpd.conf

語法:

#pasv_enables=no
pasv_min_port=
pasv_max_port=

**yowck1983** · 2006-04-16, 12:21 PM

作者：core

vsftp 在 firewall 裡面嗎 ? 關掉pasv , 設定pasv port 的範圍。

vi vsftpd.conf

語法:

#pasv_enables=no
pasv_min_port=
pasv_max_port=

請教一下我想開pasv
在vsftpd.conf 設定如下
pasv_enables=yes
pasv_min_port=5555
pasv_max_port=6666

防火牆設定
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 5555:6666 -j ACCEPR
/sbin/iptables -A INPUT -p udp -i eth1 --dport 5555:6666 -j ACCEPR

設定後 pasv 還是連線失敗這是為什麼呢?

**core** · 2006-04-16, 03:50 PM

還是先把你的網路環境敘述一下。這樣比較好了解。

**yowck1983** · 2006-04-16, 10:52 PM

作者：core

還是先把你的網路環境敘述一下。這樣比較好了解。

抱歉抱歉系統是FC4 Linux
我是用router 在LAN 內開 vsftpd 用另一台網內的pc來對 vsftpd做連線測試
用CuteFTP 連線 SELinux關有開防火牆試過信任網卡eth0 之後測試就沒問題
但如果取消信任不止連ftp時pasv會失敗連samba也是顯示無權限
以下是我的vsftpd.conf
=========================================================
Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local=yes
#xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
pasv_enables=yes
pasv_min_port=5555
pasv_max_port=6666
==============================================

在防火牆設定上面
INPUT 的設定
=====================================
/sbin/iptables -A INPUT -p tcp -i eth0 --dport 5555:6666 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth0 --dport 5555:6666 -j ACCEPT
=以下是屬於samba的防火牆設定==========
/sbin/iptables -A INPUT -p tcp -i eth0 -s 192.168.123.0/24 --dport 137:139 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth0 -s 192.168.123.0/24 --dport 137:139 -j ACCEPT
=====================================

以下是smb.conf
===================================
#======================= Global Settings =====================================
[global]
workgroup = workgroup
server string = Samba Server
hosts allow = 192.168.123.
printcap name = /etc/printcap
load printers = yes
; printing = cups
cups options = raw
; guest account = pcguest
log file = /var/log/samba/%m.log
max log size = 50
security = share
; password server = <NT-Server-Name>
; password level = 8
; username level = 8
; encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
; username map = /etc/samba/smbusers
; include = /etc/samba/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; interfaces = 192.168.12.2/24 192.168.13.2/24
; remote browse sync = 192.168.3.25 192.168.5.255
; remote announce = 192.168.1.255 192.168.2.44
; local master = no
; os level = 33
; domain master = yes
; preferred master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U

# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no

#============================ Share Definitions ==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = Home Directories
browseable = no
writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /home/netlogon
; guest ok = yes
; writable = no
; share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /home/profiles
; browseable = no
; guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; read only = yes
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
============================================

smb.conf 我幾乎沒什麼改變過
只改了share 和設定了port
但在防火牆下就是無法連線
請問我該怎麼在不關防火牆不用信任eth0的情況下使其正常使用呢