Ftp

Ftp 檢索目錄列表失敗

  • November 19, 2017

我們的客戶有一個在 Windows 機器上執行的 FileZilla FTP 伺服器,我正在使用 FileZilla 客戶端來測試連接。該連接在我的辦公室以及我們所有的 Azure 伺服器上都有效,除了一台。

我在 FileZilla Client 中設置了調試選項,下面是成功和失敗的連接。為什麼連接在一台伺服器上成功但在另一台伺服器上失敗?

我們連接到客戶 FTP 的兩台伺服器都在 Azure 中,都是執行相同作業系統的 VM

成功的

Status: Disconnected from server
Trace:  CRealControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CFtpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Trace:  CFileZillaEnginePrivate::ResetOperation(66)
Trace:  CRealControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 0
Status: Resolving address of *SERVER DNS*
Status: Connecting to *SERVER IP*:2121...
Status: Connection established, waiting for welcome message...
Trace:  CFtpControlSocket::OnReceive()
Response:   220 PPW FTP Server
Trace:  CFtpLogonOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 2
Command:    AUTH TLS
Trace:  CFtpControlSocket::OnReceive()
Response:   502 Explicit TLS authentication not allowed
Trace:  CFtpLogonOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 3
Command:    AUTH SSL
Trace:  CFtpControlSocket::OnReceive()
Response:   502 Explicit TLS authentication not allowed
Trace:  CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    USER printiq
Trace:  CFtpControlSocket::OnReceive()
Response:   331 Password required for printiq
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    PASS ********
Trace:  CFtpControlSocket::OnReceive()
Response:   230 Logged on
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Status: Logged in
Trace:  Measured latency of 46 ms
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 1
Command:    PWD
Trace:  CFtpControlSocket::OnReceive()
Response:   257 "/" is current directory.
Trace:  CFtpChangeDirOpData::ParseResponse() in state 1
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CControlSocket::ParseSubcommandResult(0)
Trace:  CFtpListOpData::SubcommandResult() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 2
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Status: Directory listing of "/" successful
Trace:  CFileZillaEnginePrivate::ResetOperation(0)

失敗的

Status: Disconnected from server
Trace:  CRealControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CFtpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Trace:  CFileZillaEnginePrivate::ResetOperation(66)
Trace:  CRealControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 0
Status: Resolving address of *SERVER DNS*
Status: Connecting to **SERVER IP**:2121...
Status: Connection established, waiting for welcome message...
Trace:  CFtpControlSocket::OnReceive()
Response:   220 PPW FTP Server
Trace:  CFtpLogonOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 2
Command:    AUTH TLS
Trace:  CFtpControlSocket::OnReceive()
Response:   502 Explicit TLS authentication not allowed
Trace:  CFtpLogonOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 3
Command:    AUTH SSL
Trace:  CFtpControlSocket::OnReceive()
Response:   502 Explicit TLS authentication not allowed
Trace:  CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    USER printiq
Trace:  CFtpControlSocket::OnReceive()
Response:   331 Password required for printiq
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    PASS ********
Trace:  CFtpControlSocket::OnReceive()
Response:   230 Logged on
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Status: Logged in
Trace:  Measured latency of 38 ms
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 1
Command:    PWD
Trace:  CFtpControlSocket::OnReceive()
Response:   257 "/" is current directory.
Trace:  CFtpChangeDirOpData::ParseResponse() in state 1
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CControlSocket::ParseSubcommandResult(0)
Trace:  CFtpListOpData::SubcommandResult() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 2
Trace:  CFtpRawTransferOpData::Send() in state 1
Command:    TYPE I
Trace:  CFtpControlSocket::OnReceive()
Response:   200 Type set to I
Trace:  CFtpRawTransferOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 2
Command:    PASV
Trace:  CFtpControlSocket::OnReceive()
Response:   227 Entering Passive Mode (*SERVER IP*,234,225)
Trace:  CFtpRawTransferOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 4
Trace:  Binding data connection source IP to control connection source IP 10.0.0.4
Command:    MLSD
Trace:  CFtpControlSocket::OnReceive()
Response:   425 Can't open data connection for transfer of "/"
Trace:  CFtpRawTransferOpData::ParseResponse() in state 4
Trace:  CFtpControlSocket::ResetOperation(2)
Trace:  CControlSocket::ResetOperation(2)
Trace:  CControlSocket::ParseSubcommandResult(2)
Trace:  CFtpListOpData::SubcommandResult() in state 3
Trace:  CFtpControlSocket::ResetOperation(2)
Trace:  CControlSocket::ResetOperation(2)
Error:  Failed to retrieve directory listing
Trace:  CFileZillaEnginePrivate::ResetOperation(2)

這通常是 FTP 的主動/被動模式的問題。

大多數伺服器/客戶端 FTP 方案在被動模式下工作,您可以在日誌中看到您的客戶端已切換到 PASV 模式。

提供一點背景知識,當您連接到 FTP 伺服器時,會建立一個控制連接,並建立一個數據連接。通過控制連接發送 FTP 命令並接收響應。實際數據(如文件列表或目錄列表)通過數據連接發送。

在 FTP 主動模式下,您的客戶端向伺服器發起控制連接,伺服器向客戶端發起數據連接。在現代 IT 網路中,這並不能很好地工作,因為大多數客戶端都位於經過 NAT 的網路之後,並且需要埠轉發。

作為一種解決方法,被動模式會導致客戶端同時啟動控制連接和數據連接。數據連接發生在伺服器指定的隨機埠上。

在您的場景中,您似乎已成功創建控制連接並登錄。但是一旦您嘗試在數據連接上列出目錄,它就會失敗。

因此,客戶端和伺服器之間的防火牆阻止了客戶端嘗試向伺服器發起的連接。由於其他客戶端可以正常連接,它可能不在伺服器端,但很可能是它阻止了與客戶端連接相關的某些 IP 或埠。

PASV 模式是典型的使用模式,也是最可靠的模式,除非伺服器和客戶端都有公共 IP 地址,或者在客戶端進行了一些其他網路修改以適應隨機 FTP 數據連接。

引用自:https://serverfault.com/questions/884114