Translated message

A translation of this page exists in English.

vsftpd サーバーにファイルが送信されないにも関わらず、vsftpd サーバーがクライアントに "226 File receive OK." を返す

Solution Verified - Updated -

Issue

  • 以下 passive モードの環境で、ftp クライアントから vsftpd サーバーにファイルをアップロードします。
ftp <ip address>  
Connected to 10.64.208.100.  
220 (vsFTPd 2.0.5)  
530; Please login with USER and PASS.  
530 Please login with USER and; PASS.  
KERBEROS_V4 rejected as an authentication type  
Name; (10.64.208.100:user): user  
331 Please specify the password.  
Password:  
230 Login successful.  
cr  
Carriage Return stripping off.  
Remote; system type is UNIX.  
Using binary mode to transfer files.  
ftp passive  
Passive mode off.  
ftp put ftptest  
local: ftptest; remote: ftptest  
200 PORT command successful.Consider using PASV.  
150; Ok to send data.  
 (Push Ctrl + C)  
send aborted  
waiting for remote to finish 
abort  
226 File receive OK.  
ftp&gt; by  
221 Goodbye.  

vsftp log
Sat; Jul; 2 15:34:54 2011 [pid 3365] CONNECT:Client "10.64.208.213"  
Sat; Jul; 2 15:34:58 2011 \[pid 3364\] \[user\] OK LOGIN:Client; "10.64.208.213"  
Sat Jul; 2 15:35:08 2011 \[pid 3366\] \[user\] OK; UPLOAD:Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec
  • ファイルは vsftpd サーバーに送信されてないにも関わらず vsftpd が以下を返します。
"226 File receive OK." to the client.; The vsftped log; also said "OK UPLOAD".
  • これは passive モードの場合に限り発生します。

Environment

  • Red Hat Enterprise Linux Server リリース 5.5 (Tikanga)
  • vsftpd-2.0.5-16.el5_6.1
  • ftp クライアント
# iptables -L  
Chain INPUT (policy ACCEPT)  
target prot opt source destination  
REJECT tcp -- anywhere anywhere tcp spt:ftp-data reject-with icmp-net-unreachable

Chain FORWARD (policy ACCEPT)  
target prot opt source destination

Chain OUTPUT (policy ACCEPT)  
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)  
target prot opt source destination

iptables が以下のいずれかの設定を持っている場合、この問題は常に発生します。

iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with tcp-reset  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-admin-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-proto-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-port-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-unreachable

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content