Ftp
Ftp 檢索目錄列表失敗
我們的客戶有一個在 Windows 機器上執行的 FileZilla FTP 伺服器,我正在使用 FileZilla 客戶端來測試連接。該連接在我的辦公室以及我們所有的 Azure 伺服器上都有效,除了一台。
我在 FileZilla Client 中設置了調試選項,下面是成功和失敗的連接。為什麼連接在一台伺服器上成功但在另一台伺服器上失敗?
我們連接到客戶 FTP 的兩台伺服器都在 Azure 中,都是執行相同作業系統的 VM
成功的
Status: Disconnected from server Trace: CRealControlSocket::DoClose(66) Trace: CControlSocket::DoClose(66) Trace: CFtpControlSocket::ResetOperation(66) Trace: CControlSocket::ResetOperation(66) Trace: CFileZillaEnginePrivate::ResetOperation(66) Trace: CRealControlSocket::DoClose(66) Trace: CControlSocket::DoClose(66) Trace: CControlSocket::DoClose(66) Trace: CFileZillaEnginePrivate::ResetOperation(0) Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 0 Status: Resolving address of *SERVER DNS* Status: Connecting to *SERVER IP*:2121... Status: Connection established, waiting for welcome message... Trace: CFtpControlSocket::OnReceive() Response: 220 PPW FTP Server Trace: CFtpLogonOpData::ParseResponse() in state 1 Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 2 Command: AUTH TLS Trace: CFtpControlSocket::OnReceive() Response: 502 Explicit TLS authentication not allowed Trace: CFtpLogonOpData::ParseResponse() in state 2 Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 3 Command: AUTH SSL Trace: CFtpControlSocket::OnReceive() Response: 502 Explicit TLS authentication not allowed Trace: CFtpLogonOpData::ParseResponse() in state 3 Status: Insecure server, it does not support FTP over TLS. Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 5 Command: USER printiq Trace: CFtpControlSocket::OnReceive() Response: 331 Password required for printiq Trace: CFtpLogonOpData::ParseResponse() in state 5 Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 5 Command: PASS ******** Trace: CFtpControlSocket::OnReceive() Response: 230 Logged on Trace: CFtpLogonOpData::ParseResponse() in state 5 Status: Logged in Trace: Measured latency of 46 ms Trace: CFtpControlSocket::ResetOperation(0) Trace: CControlSocket::ResetOperation(0) Trace: CFileZillaEnginePrivate::ResetOperation(0) Status: Retrieving directory listing... Trace: CControlSocket::SendNextCommand() Trace: CFtpListOpData::ListSend() in state 0 Trace: CFtpChangeDirOpData::Send() in state 0 Trace: CFtpChangeDirOpData::Send() in state 1 Command: PWD Trace: CFtpControlSocket::OnReceive() Response: 257 "/" is current directory. Trace: CFtpChangeDirOpData::ParseResponse() in state 1 Trace: CFtpControlSocket::ResetOperation(0) Trace: CControlSocket::ResetOperation(0) Trace: CControlSocket::ParseSubcommandResult(0) Trace: CFtpListOpData::SubcommandResult() in state 1 Trace: CControlSocket::SendNextCommand() Trace: CFtpListOpData::ListSend() in state 2 Trace: CFtpControlSocket::ResetOperation(0) Trace: CControlSocket::ResetOperation(0) Status: Directory listing of "/" successful Trace: CFileZillaEnginePrivate::ResetOperation(0)
失敗的
Status: Disconnected from server Trace: CRealControlSocket::DoClose(66) Trace: CControlSocket::DoClose(66) Trace: CFtpControlSocket::ResetOperation(66) Trace: CControlSocket::ResetOperation(66) Trace: CFileZillaEnginePrivate::ResetOperation(66) Trace: CRealControlSocket::DoClose(66) Trace: CControlSocket::DoClose(66) Trace: CControlSocket::DoClose(66) Trace: CFileZillaEnginePrivate::ResetOperation(0) Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 0 Status: Resolving address of *SERVER DNS* Status: Connecting to **SERVER IP**:2121... Status: Connection established, waiting for welcome message... Trace: CFtpControlSocket::OnReceive() Response: 220 PPW FTP Server Trace: CFtpLogonOpData::ParseResponse() in state 1 Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 2 Command: AUTH TLS Trace: CFtpControlSocket::OnReceive() Response: 502 Explicit TLS authentication not allowed Trace: CFtpLogonOpData::ParseResponse() in state 2 Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 3 Command: AUTH SSL Trace: CFtpControlSocket::OnReceive() Response: 502 Explicit TLS authentication not allowed Trace: CFtpLogonOpData::ParseResponse() in state 3 Status: Insecure server, it does not support FTP over TLS. Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 5 Command: USER printiq Trace: CFtpControlSocket::OnReceive() Response: 331 Password required for printiq Trace: CFtpLogonOpData::ParseResponse() in state 5 Trace: CControlSocket::SendNextCommand() Trace: CFtpLogonOpData::Send() in state 5 Command: PASS ******** Trace: CFtpControlSocket::OnReceive() Response: 230 Logged on Trace: CFtpLogonOpData::ParseResponse() in state 5 Status: Logged in Trace: Measured latency of 38 ms Trace: CFtpControlSocket::ResetOperation(0) Trace: CControlSocket::ResetOperation(0) Trace: CFileZillaEnginePrivate::ResetOperation(0) Status: Retrieving directory listing... Trace: CControlSocket::SendNextCommand() Trace: CFtpListOpData::ListSend() in state 0 Trace: CFtpChangeDirOpData::Send() in state 0 Trace: CFtpChangeDirOpData::Send() in state 1 Command: PWD Trace: CFtpControlSocket::OnReceive() Response: 257 "/" is current directory. Trace: CFtpChangeDirOpData::ParseResponse() in state 1 Trace: CFtpControlSocket::ResetOperation(0) Trace: CControlSocket::ResetOperation(0) Trace: CControlSocket::ParseSubcommandResult(0) Trace: CFtpListOpData::SubcommandResult() in state 1 Trace: CControlSocket::SendNextCommand() Trace: CFtpListOpData::ListSend() in state 2 Trace: CFtpRawTransferOpData::Send() in state 1 Command: TYPE I Trace: CFtpControlSocket::OnReceive() Response: 200 Type set to I Trace: CFtpRawTransferOpData::ParseResponse() in state 1 Trace: CControlSocket::SendNextCommand() Trace: CFtpRawTransferOpData::Send() in state 2 Command: PASV Trace: CFtpControlSocket::OnReceive() Response: 227 Entering Passive Mode (*SERVER IP*,234,225) Trace: CFtpRawTransferOpData::ParseResponse() in state 2 Trace: CControlSocket::SendNextCommand() Trace: CFtpRawTransferOpData::Send() in state 4 Trace: Binding data connection source IP to control connection source IP 10.0.0.4 Command: MLSD Trace: CFtpControlSocket::OnReceive() Response: 425 Can't open data connection for transfer of "/" Trace: CFtpRawTransferOpData::ParseResponse() in state 4 Trace: CFtpControlSocket::ResetOperation(2) Trace: CControlSocket::ResetOperation(2) Trace: CControlSocket::ParseSubcommandResult(2) Trace: CFtpListOpData::SubcommandResult() in state 3 Trace: CFtpControlSocket::ResetOperation(2) Trace: CControlSocket::ResetOperation(2) Error: Failed to retrieve directory listing Trace: CFileZillaEnginePrivate::ResetOperation(2)
這通常是 FTP 的主動/被動模式的問題。
大多數伺服器/客戶端 FTP 方案在被動模式下工作,您可以在日誌中看到您的客戶端已切換到 PASV 模式。
提供一點背景知識,當您連接到 FTP 伺服器時,會建立一個控制連接,並建立一個數據連接。通過控制連接發送 FTP 命令並接收響應。實際數據(如文件列表或目錄列表)通過數據連接發送。
在 FTP 主動模式下,您的客戶端向伺服器發起控制連接,伺服器向客戶端發起數據連接。在現代 IT 網路中,這並不能很好地工作,因為大多數客戶端都位於經過 NAT 的網路之後,並且需要埠轉發。
作為一種解決方法,被動模式會導致客戶端同時啟動控制連接和數據連接。數據連接發生在伺服器指定的隨機埠上。
在您的場景中,您似乎已成功創建控制連接並登錄。但是一旦您嘗試在數據連接上列出目錄,它就會失敗。
因此,客戶端和伺服器之間的防火牆阻止了客戶端嘗試向伺服器發起的連接。由於其他客戶端可以正常連接,它可能不在伺服器端,但很可能是它阻止了與客戶端連接相關的某些 IP 或埠。
PASV 模式是典型的使用模式,也是最可靠的模式,除非伺服器和客戶端都有公共 IP 地址,或者在客戶端進行了一些其他網路修改以適應隨機 FTP 數據連接。