Quick HOWTO : Ch15 : Linux FTP Server Setup/zh: Difference between revisions

Shqlsl (talk | contribs)

Revision as of 20:19, 8 March 2009 (Sunday)



This chapter shows you how to turn your Linux server into an FTP server using the Very Secure FTP Daemon (VSFTPD) package, which is the default in Fedora.

FTP Overview


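FTP control channel, TCP port 21: All the commands you send and the FTP server's responses to them travel over this control channel, but any data sent back (for example, the file or directory listing produced by the "ls" command) travels over the data channel.

FTP data channel, TCP port 20: This port is used for all data transfers between the client and the server.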




Figure 15-1 Active and Passive FTP Illustrated


From a user management perspective there are also two types of FTP: regular FTP, in which files are transferred using the username and password of a regular user of the FTP server, and anonymous FTP, in which general access is provided to the FTP server using a well-known universal login method. Take a closer look at each type.

Active FTP


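  1. Your client and the FTP server establish a connection on port 21 of the server. Your commands, such as "ls" and "get", are sent over this connection.
  2. Whenever the client requests data over the control connection, the server opens a data transfer connection back to the client. The source port of this data transfer connection is usually port 20 on the server, and the destination port is usually a port above 1024 on the client.
  3. Thus the ls listing that you asked for comes back over the port 20 to high port connection, not the port 21 control connection.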

FTP active mode therefore transfers data in a way that is counterintuitive compared with the TCP standard, as the server selects port 20 as its source port (not a random high port greater than 1024) and connects back to the client on a random high port that has been pre-negotiated on the port 21 control connection.

Active FTP may fail in cases where the client is protected from the Internet via many-to-one NAT (masquerading). This is because the firewall will not know which of the many servers behind it should receive the return connection.

Passive FTP

Passive FTP works differently:

  1. Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as ls and get are sent over that connection.
  2. Whenever the client requests data over the control connection, the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.

Passive FTP should be viewed as the server never making an active attempt to connect to the client for FTP data transfers. Because the client always initiates the required connections, passive FTP works better for clients protected by a firewall.

As Windows defaults to active FTP, and Linux defaults to passive, you'll probably have to accommodate both forms when deciding upon a security policy for your FTP server.
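The following added example (not part of the original HOWTO) decodes the address field exchanged on the port 21 control connection, the PORT argument in active mode and the 227 reply in passive mode, and reports which side opens the data connection. The `h1,h2,h3,h4,p1,p2` encoding is taken from RFC 959, which this page does not show; the function names are illustrative and the addresses are constructed documentation values.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 encoding).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 PASV reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """client_ip/server_ip: addresses the server sees on the control connection."""
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT"):
        # Active: the server connects from port 20 to the address the client sent.
        warn = None
        if ip != ipaddress.IPv4Address(client_ip):
            warn = "PORT address differs from control-connection source (NAT?)"
        return {"mode": "active", "initiator": "server",
                "src": (server_ip, 20), "dst": (str(ip), port), "warning": warn}
    if line.startswith("227"):
        # Passive: the client connects from a high port to the port the server chose.
        return {"mode": "passive", "initiator": "client",
                "src": (client_ip, None), "dst": (str(ip), port), "warning": None}
    raise ValueError("not a PORT command or 227 reply")

# Constructed control-channel lines (documentation addresses, not captures).
SAMPLES = [
    ("PORT 192,168,1,10,195,80", "203.0.113.7", "198.51.100.5"),
    ("227 Entering Passive Mode (198,51,100,5,156,64)", "203.0.113.7", "198.51.100.5"),
]

if __name__ == "__main__":
    for line, cip, sip in SAMPLES:
        print(data_connection(line, cip, sip))
```

The first sample reproduces the masquerading failure described for active FTP: the client advertises its private address, so the server's connection from port 20 has no route to it.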




Regular FTP

By default, the VSFTPD package allows regular Linux users to copy files to and from their home directories with an FTP client using their Linux usernames and passwords as their login credentials.

VSFTPD also has the option of allowing this type of access to only a group of Linux users, enabling you to restrict the addition of new files to your system to authorized personnel.

The disadvantage of regular FTP is that it isn't suitable for general download distribution of software, as everyone either has to get a unique Linux user account or has to use a shared username and password. Anonymous FTP allows you to avoid this difficulty.




=== Anonymous FTP ===

Anonymous FTP is the choice of Web sites that need to exchange files with numerous unknown remote users. Common uses include downloading software updates and MP3s and uploading diagnostic information for a technical support engineer's attention. Unlike regular FTP, where you log in with a preconfigured Linux username and password, anonymous FTP requires only a username of anonymous and your email address for the password. Once logged in to a VSFTPD server, you automatically have access to only the default anonymous FTP directory (/var/ftp in the case of VSFTPD) and all its subdirectories.

As seen in Chapter 6, "Installing Linux Software", using anonymous FTP as a remote user is fairly straightforward. VSFTPD can be configured to support user-based and/or anonymous FTP in its configuration file, which you'll see later.



