명령줄을 통해 ftp를 사용하면 연결하고 인증할 수 있지만 명령을 실행하면 연결이 거부되었습니다라는 메시지가 표시됩니다. 다른 서버와 로컬 Windows FTP 클라이언트에서 이 FTP 서버에 연결할 수 있습니다. 나는 이것이 iptables 문제라고 생각하지만 그것을 알아낼 수 없습니다
CentOS7
iptables-Ln
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 state NEW,RELATED,ESTABLISHED
FTP 출력
Connected to ftpserver.com
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 6 of 500 allowed.
220-Local time is now 11:40. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Name (ftpserver.com:root): [email protected]
331 User [email protected] OK. Password required
Password:
230-Your bandwidth usage is restricted
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (107,180,25,79,195,132)
ftp: connect: Connection refused
ftp>
iptables/시스템 구성
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 21 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 20 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 21 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW -m udp --dport 20 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW -m udp --dport 21 -j ACCEPT