RedhatLinux 系统FTP服务器,内网可以访问,外网访问不到
来源: 互联网 发布时间:2016-11-15
我在路由器上已经建立了虚拟服务器,以前这做过,内外网都可以ftp上去。
这次把RedHat 4.7 换成了5.2的,配置没有什么变化。
我就是纳闷了,我最后只好用linux系统接到外网上,直接拨号去,这样通过外网IP可以访问到FTP服务器。这是什么原因,我朋友一个大的软件要传过来,请教高手赐教,服务器只能架设到内网来,不然别人就上不了网了。急,,,
[root@localhost vsftpd]# cat vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
... ...省略
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# NOTE(review): anonymous login is enabled on a server that is being published
# to the Internet through the router's virtual-server mapping. If only known
# accounts need to transfer files, set this to NO.
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# NOTE(review): plain FTP carries account passwords in cleartext. No ssl_enable
# setting is visible in the portion shown (the poster elided part of the file)
# - confirm before exposing local logins to the outside network.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# Write commands are enabled globally; anonymous uploads stay off only because
# anon_upload_enable and anon_mkdir_write_enable below remain commented out.
write_enable=YES
#
# umask for files created by local users: 022 leaves them non-writable for
# group and other.
local_umask=022
#anon_upload_enable=YES
#
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Transfer logging is on; these logs are the first place to look for
# unexpected anonymous or external activity.
xferlog_enable=YES
# Only affects active-mode (PORT) data connections, which then originate from
# port 20 on the server.
# NOTE(review): no pasv_address / pasv_min_port / pasv_max_port is visible in
# the lines shown, so passive-mode data connections would use arbitrary high
# ports that a router mapping of port 21 alone does not cover - a likely reason
# external clients fail while LAN clients work. TODO confirm.
connect_from_port_20=YES
#
#chown_uploads=YES
#chown_username=whoever
#
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
#
#data_connection_timeout=120
#
#nopriv_user=ftpsecure
#
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
#deny_email_enable=YES
#
# NOTE(review): no chroot setting is active in the lines shown, so local users
# are presumably not confined to their home directories - confirm whether
# chroot_local_user is set in the elided part.
#chroot_list_enable=YES
#
#chroot_list_file=/etc/vsftpd/chroot_list
#
#ls_recurse_enable=YES
#
# Run vsftpd as a standalone daemon rather than from a super-server.
listen=YES
#
# Control-channel port; data connections use other ports (see the note at
# connect_from_port_20).
listen_port=21
pam_service_name=vsftpd
# NOTE(review): userlist_deny is not shown; if it is left at its default, users
# named in the file set by userlist_file are refused - verify which accounts
# are listed.
userlist_enable=YES
# Connections are additionally filtered through /etc/hosts.allow and
# /etc/hosts.deny; check that external addresses are not denied there.
tcp_wrappers=YES
上面配置文件中的部分,注释省略了,谢谢指点。是不是防火墙的问题,但是我查看了20和21端口是添加成功的。
[root@localhost sysconfig]# cat iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
# Built-in chain policies are ACCEPT; the actual filtering is done by the
# RH-Firewall-1-INPUT chain, which ends in a catch-all REJECT.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# Both inbound and forwarded traffic are sent through the same chain.
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH), i.e. IPsec traffic.
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# mDNS (5353) and IPP printing (631) are accepted from any source.
# NOTE(review): remove or restrict these if the host is reachable from the
# Internet and the services are not needed.
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# NOTE(review): FTP data connections are matched as RELATED only when the FTP
# connection-tracking helper is loaded (presumably ip_conntrack_ftp on this
# kernel generation - TODO confirm with lsmod). Without it, passive-mode data
# connections fall through to the final REJECT.
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Opens the FTP control channel only; no rule here covers port 20 or a
# passive-mode port range.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# UDP 137 is the NetBIOS name service.
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# NOTE(review): port 23 is telnet, a cleartext remote login; close it unless it
# is really required, since SSH (22) is already open.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Everything not accepted above is rejected.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
这次把RedHat 4.7 换成了5.2的,配置没有什么变化。
我就是纳闷了,我最后只好用linux系统接到外网上,直接拨号去,这样通过外网IP可以访问到FTP服务器。这是什么原因,我朋友一个大的软件要传过来,请教高手赐教,服务器只能架设到内网来,不然别人就上不了网了。急,,,
[root@localhost vsftpd]# cat vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
... ...省略
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# NOTE(review): anonymous login is enabled on a server that is being published
# to the Internet through the router's virtual-server mapping. If only known
# accounts need to transfer files, set this to NO.
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# NOTE(review): plain FTP carries account passwords in cleartext. No ssl_enable
# setting is visible in the portion shown (the poster elided part of the file)
# - confirm before exposing local logins to the outside network.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# Write commands are enabled globally; anonymous uploads stay off only because
# anon_upload_enable and anon_mkdir_write_enable below remain commented out.
write_enable=YES
#
# umask for files created by local users: 022 leaves them non-writable for
# group and other.
local_umask=022
#anon_upload_enable=YES
#
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Transfer logging is on; these logs are the first place to look for
# unexpected anonymous or external activity.
xferlog_enable=YES
# Only affects active-mode (PORT) data connections, which then originate from
# port 20 on the server.
# NOTE(review): no pasv_address / pasv_min_port / pasv_max_port is visible in
# the lines shown, so passive-mode data connections would use arbitrary high
# ports that a router mapping of port 21 alone does not cover - a likely reason
# external clients fail while LAN clients work. TODO confirm.
connect_from_port_20=YES
#
#chown_uploads=YES
#chown_username=whoever
#
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
#
#data_connection_timeout=120
#
#nopriv_user=ftpsecure
#
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
#deny_email_enable=YES
#
# NOTE(review): no chroot setting is active in the lines shown, so local users
# are presumably not confined to their home directories - confirm whether
# chroot_local_user is set in the elided part.
#chroot_list_enable=YES
#
#chroot_list_file=/etc/vsftpd/chroot_list
#
#ls_recurse_enable=YES
#
# Run vsftpd as a standalone daemon rather than from a super-server.
listen=YES
#
# Control-channel port; data connections use other ports (see the note at
# connect_from_port_20).
listen_port=21
pam_service_name=vsftpd
# NOTE(review): userlist_deny is not shown; if it is left at its default, users
# named in the file set by userlist_file are refused - verify which accounts
# are listed.
userlist_enable=YES
# Connections are additionally filtered through /etc/hosts.allow and
# /etc/hosts.deny; check that external addresses are not denied there.
tcp_wrappers=YES
上面配置文件中的部分,注释省略了,谢谢指点。是不是防火墙的问题,但是我查看了20和21端口是添加成功的。
[root@localhost sysconfig]# cat iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
# Built-in chain policies are ACCEPT; the actual filtering is done by the
# RH-Firewall-1-INPUT chain, which ends in a catch-all REJECT.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# Both inbound and forwarded traffic are sent through the same chain.
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH), i.e. IPsec traffic.
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# mDNS (5353) and IPP printing (631) are accepted from any source.
# NOTE(review): remove or restrict these if the host is reachable from the
# Internet and the services are not needed.
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# NOTE(review): FTP data connections are matched as RELATED only when the FTP
# connection-tracking helper is loaded (presumably ip_conntrack_ftp on this
# kernel generation - TODO confirm with lsmod). Without it, passive-mode data
# connections fall through to the final REJECT.
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Opens the FTP control channel only; no rule here covers port 20 or a
# passive-mode port range.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# UDP 137 is the NetBIOS name service.
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# NOTE(review): port 23 is telnet, a cleartext remote login; close it unless it
# is really required, since SSH (22) is already open.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Everything not accepted above is rejected.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
|
內網可以訪問,外網不能訪問,將端口做個映射就可以啦。
|
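检查防火墙和 SELinux。FTP 除了 21 端口的控制连接之外还要另外建立数据连接,所以路由器只映射、防火墙只放行 21 端口时,外网的数据连接可能建立不起来;可以在 vsftpd.conf 里用 pasv_min_port / pasv_max_port 固定被动模式的端口范围,再在路由器和 iptables 上放行同一范围。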