FTP (vsftp) Transfer Modes (Active Mode / Passive Mode)

FTP transfer modes

Test environment
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

Install the vsftpd (FTP) server
apt-get install -y vsftpd

vsftpd version

$ vsftpd -version
vsftpd: version 3.0.5

Default vsftpd.conf (/etc/vsftpd.conf) settings

$ cat /etc/vsftpd.conf | egrep -v '^$|^#'
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

Restart the vsftpd service
systemctl --now enable vsftpd

Active Mode and Passive Mode for FTP connections

Active vs. Passive Modes Connection Flows

※ Considerations when the control protocol and the data protocol differ


Transfer mode test

pasv_enable=NO – Active Mode
$ ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:ftpuser1
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
550 Permission denied.
Passive mode refused.
ftp> pass
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 2 1003 1003 4096 Jan 06 10:45 ftpuser1.txt
226 Directory send OK.
ftp> quit
221 Goodbye.

pasv_enable=YES – Passive Mode
$ ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:ftpuser1
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
421 Service not available, remote server has closed connection
Passive mode refused.
ftp> pass
Passive mode off.
ftp> ls
Not connected.
ftp> quit
$ ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:ftpuser1
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pass
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 2 1003 1003 4096 Jan 06 10:45 ftpuser1.txt
226 Directory send OK.
ftp> quit
221 Goodbye.


vsftp configuration
vim /etc/vsftpd.conf
listen=YES
listen_ipv6=NO

anonymous_enable=NO
local_enable=YES
write_enable=YES

local_umask=022

dirmessage_enable=YES

use_localtime=YES

xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

idle_session_timeout=600
data_connection_timeout=120

ftpd_banner=Welcome to blah FTP service.

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd

####################################################
####################################################
####################################################
allow_writeable_chroot=YES

userlist_enable=NO
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO

#tcp_wrappers=YES
#listen_port=7777

pasv_enable=YES
pasv_min_port=50100
pasv_max_port=50200


vim /etc/vsftpd.chroot_list
ftpuser1


vim /etc/vsftpd.user_list
ftpuser1


systemctl restart vsftpd

Verify the firewall is open (firewalld, iptables)
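
The firewall openings follow from the settings in /etc/vsftpd.conf above. The script below is an added example, not part of the original post: it reads a vsftpd.conf and lists the control port, the passive data range and the active-mode source port, then prints (without running) the matching firewall-cmd lines. Defaults for absent keys are the ones documented in vsftpd.conf(5); the function names and the UNBOUNDED marker are made up for this example.

```bash
# Added example: list the firewall openings a vsftpd.conf implies.

# conf_get FILE KEY DEFAULT -> last uncommented KEY=value, else DEFAULT.
# vsftpd.conf takes no spaces around '=', so a prefix match is enough.
conf_get() {
    local v
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    printf '%s\n' "${v:-$3}"
}

# required_ports FILE -> "<direction> <port-spec> <purpose>" per line.
required_ports() {
    local f=$1 lo hi
    lo=$(conf_get "$f" pasv_min_port 0)
    hi=$(conf_get "$f" pasv_max_port 0)
    echo "in $(conf_get "$f" listen_port 21)/tcp control"
    if [ "$(conf_get "$f" pasv_enable YES)" = "YES" ]; then
        if [ "$lo" -eq 0 ] || [ "$hi" -eq 0 ]; then
            # 0 = "use any port": no narrow rule can cover the data channel.
            echo "in UNBOUNDED passive-data"
        else
            echo "in ${lo}-${hi}/tcp passive-data"
        fi
    fi
    if [ "$(conf_get "$f" port_enable YES)" = "YES" ]; then
        # Active mode: the server dials out to the client.
        if [ "$(conf_get "$f" connect_from_port_20 NO)" = "YES" ]; then
            echo "out $(conf_get "$f" ftp_data_port 20)/tcp active-data"
        else
            echo "out ephemeral/tcp active-data"
        fi
    fi
}

# firewalld_cmds FILE -> firewall-cmd lines for the bounded inbound rules.
firewalld_cmds() {
    required_ports "$1" | awk '$1 == "in" && $2 != "UNBOUNDED" {
        print "firewall-cmd --permanent --add-port=" $2 }'
}

# Constructed sample built from the passive-mode settings in the config above.
sample=$(mktemp)
printf '%s\n' connect_from_port_20=YES '#listen_port=7777' pasv_enable=YES \
    pasv_min_port=50100 pasv_max_port=50200 > "$sample"
required_ports "$sample"
firewalld_cmds "$sample"
rm -f "$sample"
```

An UNBOUNDED line means pasv_min_port/pasv_max_port are not set, so passive data connections can land on any port and cannot be covered by a narrow rule.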

Client connection test (Linux client)

$ ftp ftp.scbyun.com
Connected to ftp.scbyun.com (ftp.scbyun.com).
220 Welcome to blah FTP service.
Name (ftp.scbyun.com:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-rw-r-- 1 1003 1003 13 Jan 06 13:33 ftpuser1.txt
226 Directory send OK.
ftp> get ftpuser1.txt
local: ftpuser1.txt remote: ftpuser1.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for ftpuser1.txt (13 bytes).
226 Transfer complete.
13 bytes received in 5.8e-05 secs (224.14 Kbytes/sec)
ftp> quit
221 Goodbye.

Windows client

>ftp ftp.scbyun.com
ftp.scbyun.com에 연결되었습니다.
220 Welcome to blah FTP service.
200 Always in UTF8 mode.
사용자(ftp.scbyun.com:(none)): ftpuser1
331 Please specify the password.
암호:
230 Login successful.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
ftpuser1.txt
226 Directory send OK.
ftp: 0.00초 8.50KB/초
ftp> get ftpuser1.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for ftpuser1.txt (13 bytes).
226 Transfer complete.
ftp: 0.00초 13000.00KB/초
ftp> quit
221 Goodbye.
