Summary of common errors in FTP setup under Linux operating system

1. The Linux instance reports "553 Could not create file" error when uploading files via vsftp:

Solution
Execute the following command to check whether the server's disk is full. If it is, files cannot be uploaded and this error is reported.

 df -h

Execute the following command to check whether the FTP home directory lacks write permission.

ls -ld /home/ftp

Substituting your own FTP directory, execute the following command to add write permission.

chmod +w /home/ftp

Execute the following command to confirm that the permissions are added successfully.

ls -ld /home/ftp

Then perform the file upload test.

2. Server FTP connection error 421

Cause: too many people are connected to the FTP server at the same time. FTP sites generally have an upper limit on the number of simultaneous logins. If the limit is exceeded, a 421 error occurs.

Problem solving:
In the FTP client software, change the number of retries to 999 and the retry interval to 60 seconds. Generally, the connection succeeds within a few minutes to half an hour. Note that some sites have connection time settings: if you don't download for a certain period of time after uploading, you will be disconnected automatically, so you should regularly check that you are still connected.

3. Linux vsftpd active and passive mode iptables settings

An FTP session includes:

(1) A control connection: This connection carries client commands and the server's responses to them, such as the login username and password, the change-directory command CWD, and PUT and GET for files. It uses TCP port 21.

(2) Multiple data connections: These connections are used to transfer files and other data, such as the directory list command LIST. The port used depends on the working mode of the FTP server.

The difference between the active and passive modes of vsftpd is the issuer of the PORT command, or the active initiator of the data connection.

In the active mode, the client informs the server of its own listening port through PORT, and then the server initiates a connection to the port announced by the client through the port in the active mode defined by itself (the default is 20).

In passive mode, after receiving the PASV command from the client, the server sends the port number to the client through PORT, and the client connects to this port for data transmission.

1. iptables settings in active mode

In this mode, the client connects to port 21 of the server, and the server connects out from its port 20 to the client's port. It is therefore necessary to allow port 21 in the INPUT direction and port 20 in the OUTPUT direction (OUTPUT usually defaults to ACCEPT, so this does not need to be set; if it is DROP, you need to add a rule allowing port 20 in the outgoing direction), and to create the RELATED and ESTABLISHED rule. Details as follows:

iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

2. iptables settings in passive mode

Different strategies can be used depending on the vsftpd settings:

(1) vsftpd does not specify the port range of passive mode

Add IPTABLES_MODULES="ip_conntrack_ftp" to /etc/sysconfig/iptables-config to load the ip_conntrack_ftp module, which filters and passes the data on data connections related to the FTP control connection. After modifying the setting, run service iptables restart to load the new module. iptables must also allow access to port 21.

iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

(2) vsftpd specifies the port range of passive mode

You can also use the scheme in (1), or you can allow access to a specified range of ports in the INPUT chain of iptables. For example, set in /etc/vsftpd/vsftpd.conf:

pasv_enable=YES

pasv_min_port=6666

pasv_max_port=8888

Open this port range in iptables:

iptables -A INPUT -p tcp --dport 21 -j ACCEPT

iptables -A INPUT -p tcp --dport 6666:8888 -j ACCEPT

or

iptables -A INPUT -p tcp -m multiport --dports 6666:8888 -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
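
An added example (not from the original post): a shell check that compares the passive range in vsftpd.conf with the ACCEPT rules from iptables-save, so the firewall opens exactly the configured ports and no more. The function names and the sample config and rule text are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the firewall open exactly vsftpd's passive port range?
# SAMPLE_* are constructed inputs; on a real host pass the contents of
# /etc/vsftpd/vsftpd.conf and the output of `iptables-save` instead.

SAMPLE_CONF='pasv_enable=YES
pasv_min_port=6666
pasv_max_port=8888'

SAMPLE_RULES='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6666:8888 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Print "min:max" from vsftpd.conf text; print nothing if no range is set.
pasv_range() {
    printf '%s\n' "$1" | awk -F= '
        /^[ \t]*#/ { next }                       # skip comments
        $1 == "pasv_min_port" { min = $2 + 0 }
        $1 == "pasv_max_port" { max = $2 + 0 }
        END { if (min > 0 && max >= min) print min ":" max }'
}

# $1 = vsftpd.conf text, $2 = iptables-save text. Prints one of:
#   exact          an INPUT ACCEPT rule opens exactly the passive range
#   mismatch:A:B   a port-range rule exists but differs (too wide or too narrow)
#   missing        no port-range rule; passive transfers rely on RELATED only
#   no-range       vsftpd picks any port; only the conntrack helper can work
check_rules() {
    want=$(pasv_range "$1")
    [ -n "$want" ] || { echo "no-range"; return 0; }
    printf '%s\n' "$2" | awk -v want="$want" '
        /^-A INPUT/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if (($i == "--dport" || $i == "--dports") && $(i + 1) ~ /:/) {
                    if ($(i + 1) == want) exact = 1
                    else other = $(i + 1)
                }
        }
        END {
            if (exact) print "exact"
            else if (other != "") print "mismatch:" other
            else print "missing"
        }'
}

check_rules "$SAMPLE_CONF" "$SAMPLE_RULES"   # prints: exact
```

A `mismatch` result means the rule range is wider or narrower than what vsftpd will hand out: wider exposes ports nothing should be listening on, narrower makes some passive transfers fail.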

Origin blog.csdn.net/qq_17030783/article/details/99682725