Warning message

This translation is outdated. For the most up-to-date information, please refer to the English version.

vsftpd サーバーにファイルが送信されないにも関わらず、vsftpd サーバーがクライアントに "226 File receive OK." を返す

Solution Verified - Updated -

Issue

  • 以下 passive モードの環境で、ftp クライアントから vsftpd サーバーにファイルをアップロードします。
ftp <ip address>  
Connected to 10.64.208.100.  
220 (vsFTPd 2.0.5)  
530; Please login with USER and PASS.  
530 Please login with USER and; PASS.  
KERBEROS_V4 rejected as an authentication type  
Name; (10.64.208.100:user): user  
331 Please specify the password.  
Password:  
230 Login successful.  
cr  
Carriage Return stripping off.  
Remote; system type is UNIX.  
Using binary mode to transfer files.  
ftp passive  
Passive mode off.  
ftp put ftptest  
local: ftptest; remote: ftptest  
200 PORT command successful.Consider using PASV.  
150; Ok to send data.  
 (Push Ctrl + C)  
send aborted  
waiting for remote to finish 
abort  
226 File receive OK.  
ftp&gt; by  
221 Goodbye.  
vsftp log
Sat; Jul; 2 15:34:54 2011 [pid 3365] CONNECT:Client "10.64.208.213"  
Sat; Jul; 2 15:34:58 2011 \[pid 3364\] \[user\] OK LOGIN:Client; "10.64.208.213"  
Sat Jul; 2 15:35:08 2011 \[pid 3366\] \[user\] OK; UPLOAD:Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec  
  • ファイルは vsftpd サーバーに送信されてないにも関わらず vsftpd が以下を返します。
"226 File receive OK." to the client.; The vsftped log; also said "OK UPLOAD".  
  • これは passive モードの場合に限り発生します。

Environment

  • Red Hat Enterprise Linux Server リリース 5.5 (Tikanga)
  • vsftpd-2.0.5-16.el5_6.1
  • ftp クライアント
# iptables -L  
Chain INPUT (policy ACCEPT)  
target prot opt source destination  
REJECT tcp -- anywhere anywhere tcp spt:ftp-data reject-with icmp-net-unreachable

Chain FORWARD (policy ACCEPT)  
target prot opt source destination

Chain OUTPUT (policy ACCEPT)  
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)  
target prot opt source destination

iptables が以下のいずれかの設定を持っている場合、この問題は常に発生します。

iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with tcp-reset  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-admin-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-proto-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-port-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-unreachable

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In