FTP (vsftp) Transfer Modes (Active Mode/Passive Mode)

Test environment

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

Installing the vsftpd (FTP) server

apt-get install -y vsftpd

vsftpd version information

$ vsftpd -version 
vsftpd: version 3.0.5

Default vsftpd.conf (/etc/vsftpd.conf) settings

$ cat /etc/vsftpd.conf | egrep -v '^$|^#'
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

Restarting the vsftpd service

systemctl --now enable vsftpd

Active Mode and Passive Mode for FTP connections

Active vs. Passive Modes Connection Flows

Source: https://www.baeldung.com/wp-content/uploads/sites/4/2021/12/f1.svg

Considerations when the control protocol and the data protocol differ

Source: https://thebook.io/img/007046/209.jpg
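
In active mode the client announces its own listening socket with PORT h1,h2,h3,h4,p1,p2 and the server connects out to it; in passive mode the server answers PASV with a 227 reply carrying the same six-number tuple and the client connects in. The following added example (not from the original post) decodes both forms and flags what a firewall or NAT device would trip over; the function names and sample lines are constructed, the addresses are documentation ranges, and the passive range is the pasv_min_port/pasv_max_port pair configured later on this page.

```python
import re

# Taken from pasv_min_port / pasv_max_port in the vsftpd.conf on this page.
PASV_RANGE = (50100, 50200)
# RFC 959 host-port tuple: four address bytes, then port high and low bytes.
TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(line):
    """Decode h1,h2,h3,h4,p1,p2 from a control-channel line into (ip, port)."""
    m = TUPLE.search(line)
    if not m:
        raise ValueError(f"no host-port tuple in {line!r}")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError(f"field above 255 in {line!r}")
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]


def data_channel(line, sender_ip):
    """Describe the data connection a PORT command or 227 reply sets up."""
    # sender_ip: control-connection address of whoever sent the line.
    ip, port = decode_hostport(line)
    findings = []
    if line.upper().startswith("PORT "):
        mode, initiator = "active", "server"   # server connects out to client
        if port < 1024:
            findings.append("PORT names a privileged port")
    elif line.startswith("227"):
        mode, initiator = "passive", "client"  # client connects in to server
        if not PASV_RANGE[0] <= port <= PASV_RANGE[1]:
            findings.append("port outside the firewalled passive range")
    else:
        raise ValueError("not a PORT command or a 227 reply")
    if ip != sender_ip:
        findings.append("advertised address differs from control peer")
    return {"mode": mode, "initiator": initiator,
            "endpoint": (ip, port), "findings": findings}


# Constructed sample lines using documentation addresses, not captured traffic.
SAMPLES = [
    ("PORT 192,0,2,10,195,80", "192.0.2.10"),
    ("227 Entering Passive Mode (198,51,100,5,195,200).", "198.51.100.5"),
    ("227 Entering Passive Mode (10,0,0,5,78,32).", "198.51.100.5"),
]
```

The third sample is the typical NAT failure: the server advertises its private address and a port outside the opened range, so the client's data connection never arrives.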

Transfer mode test

pasv_enable=NO - Active Mode
ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:ftpuser1
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
550 Permission denied.
Passive mode refused.
ftp> pass
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 1003     1003         4096 Jan 06 10:45 ftpuser1.txt
226 Directory send OK.
ftp> quit
221 Goodbye.

pasv_enable=YES - Passive Mode
ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:ftpuser1
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
421 Service not available, remote server has closed connection
Passive mode refused.
ftp> pass
Passive mode off.
ftp> ls
Not connected.
ftp> quit

ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:ftpuser1
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pass
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 1003     1003         4096 Jan 06 10:45 ftpuser1.txt
226 Directory send OK.
ftp> quit
221 Goodbye.

vsftp configuration

vim /etc/vsftpd.conf
listen=YES
listen_ipv6=NO

anonymous_enable=NO
local_enable=YES
write_enable=YES

local_umask=022

dirmessage_enable=YES

use_localtime=YES

xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

idle_session_timeout=600
data_connection_timeout=120

ftpd_banner=Welcome to blah FTP service.

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd

####################################################
####################################################
####################################################
allow_writeable_chroot=YES

userlist_enable=NO
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO

#tcp_wrappers=YES
#listen_port=7777

pasv_enable=YES
pasv_min_port=50100
pasv_max_port=50200

vim /etc/vsftpd.chroot_list
ftpuser1

vim /etc/vsftpd.user_list
ftpuser1

systemctl restart vsftpd
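
What the configuration above means for the firewall and for its chroot and user-list settings, as an added example that is not part of the original post: it computes the inbound ports the server must accept and lists settings whose effect is easy to misread. PAGE_CONF is a constructed excerpt of the file above, the function names are hypothetical, and DEFAULTS holds vsftpd's documented built-in values.

```python
# Constructed input: the options from this page's vsftpd.conf that are read below.
PAGE_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
userlist_enable=NO
pasv_enable=YES
pasv_min_port=50100
pasv_max_port=50200
"""
DEFAULTS = {"listen_port": "21", "pasv_enable": "YES", "ssl_enable": "NO",
            "pasv_min_port": "0", "pasv_max_port": "0"}


def parse_conf(text):
    """Overlay a config file on vsftpd's defaults, skipping blanks and comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def inbound_ports(conf):
    """TCP port ranges the server's firewall must accept from clients."""
    # Active-mode data connections leave the server, so they add nothing here.
    ctl = int(conf["listen_port"])
    ports = [("control", ctl, ctl)]
    if conf["pasv_enable"] == "YES":
        lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
        ports.append(("passive data", lo or 1024, hi or 65535))  # 0 = unset
    return ports


def findings(conf):
    """Consequences of the effective settings that are easy to misread."""
    on = lambda key: conf.get(key, "NO") == "YES"
    out = []
    if not on("ssl_enable"):
        out.append("ssl_enable=NO: logins and data travel in cleartext")
    if on("chroot_local_user") and on("chroot_list_enable"):
        out.append("chroot_list_file lists users who are NOT chrooted")
    if on("allow_writeable_chroot"):
        out.append("users are jailed in a directory they can write to")
    if not on("userlist_enable"):
        out.append("userlist_enable=NO: userlist_file does not restrict logins")
    return out
```

For the settings on this page, inbound_ports() returns port 21 plus 50100-50200, and findings() reports all four items, including that ftpuser1 in /etc/vsftpd.chroot_list is exempt from the chroot rather than confined by it.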

Opening the firewall


Client connection test

Linux client

$ ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-rw-r--    1 1003     1003           13 Jan 06 13:33 ftpuser1.txt
226 Directory send OK.
ftp> get ftpuser1.txt
local: ftpuser1.txt remote: ftpuser1.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for ftpuser1.txt (13 bytes).
226 Transfer complete.
13 bytes received in 5.8e-05 secs (224.14 Kbytes/sec)
ftp> quit
221 Goodbye.

Windows client

>ftp ftp.scbyun.com
ftp.scbyun.com에 연결되었습니다.
220 Welcome to blah FTP service.
200 Always in UTF8 mode.
사용자(ftp.scbyun.com:(none)): ftpuser1
331 Please specify the password.
암호:
230 Login successful.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
ftpuser1.txt
226 Directory send OK.
ftp: 0.00초 8.50KB/초
ftp> get ftpuser1.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for ftpuser1.txt (13 bytes).
226 Transfer complete.
ftp: 0.00초 13000.00KB/초
ftp> quit
221 Goodbye.