我正在排除特定客户端与服务器的 ftp 连接问题。不幸的是,将其设置为被动模式不是一个选择。我正在使用 ncftp 的调试模式来测试连接。
[myself@newqa ~]$ ncftp
NcFTP 3.2.4 (Apr 07, 2010) by Mike Gleason (http://www.NcFTP.com/contact/).
ncftp> debug
ncftp> passive
> passive
passive on
ncftp> passive
> passive
passive off
ncftp> open -u ftpuser my.server.com
> open -u ftpuser my.server.com
LibNcFTP 3.2.4 (April 3, 2010) compiled for linux-x86_64-glibc2.12
Uname: Linux|my.client.com|2.6.32-279.19.1.el6.x86_64|#1 SMP Sat Nov 24 14:35:28 EST 2012|x86_64
Contents of /etc/redhat-release:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Contents of /etc/issue:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Kernel \r on an \m
Glibc: 2.12 (stable)
Hello, dear user!
220: Hello, dear user!
Connected to 12.34.56.78.
Cmd: USER ftpuser
Password requested by 12.34.56.78 for user "ftpuser".
Please specify the password.
Password: ***********
331: Please specify the password.
Cmd: PASS xxxxxxxx
Login successful.
230: Login successful.
Cmd: PWD
257: "/"
Logged in to 12.34.56.78 as username.
Cmd: FEAT
211: Features:
EPRT
EPSV
MDTM
PASV
REST STREAM
SIZE
TVFS
End
Cmd: HELP SITE
214: The following commands are recognized.
ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD
MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR
RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
XPWD XRMD
Help OK.
Logged in to www.server.com.
Cmd: CLNT NcFTP 3.2.4 linux-x86_64-glibc2.12
500: Unknown command.
ncftp / > dir
> dir
Cmd: PORT 10,36,219,101,167,190
Could not read reply from control connection -- timed out.
Could not read reply from control connection -- timed out.
List failed.
该机器托管在亚马逊,并且防火墙配置为允许从我的服务器的 IP 到客户端的所有 TCP 传入流量。
客户端中已禁用 iptables
[root@newqa ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
客户端中已禁用 selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
当我从不同网络中的客户端尝试相同操作时发生的情况如下:
Logged in to my.server.com.
Cmd: CLNT NcFTP 3.2.5 linux-x86-glibc2.15
500: Unknown command.
ncftp / > dir
> dir
Cmd: PORT 192,168,1,36,221,20
200: PORT command successful. Consider using PASV.
Cmd: LIST
150: Here comes the directory listing.
226: Directory send OK.
Remote listing contents {
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 bin
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 dev
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 etc
drwxr-xr-x 3 ftp ftp 4096 Mar 18 06:05 incoming
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 lib
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 lib64
drwxr-xr-x 5 ftp ftp 4096 May 02 2013 usr
}
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 bin
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 bin
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 dev
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 dev
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 etc
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 etc
drwxr-xr-x 3 ftp ftp 4096 Mar 18 06:05 incoming
drwxr-xr-x 3 ftp ftp 4096 Mar 18 06:05 incoming
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib64
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib64
drwxr-xr-x 5 ftp ftp 4096 May 2 2013 usr
drwxr-xr-x 5 ftp ftp 4096 May 2 2013 usr
不知道在哪里继续排除故障,有什么建议吗?
谢谢,
答案1
您在 PORT 命令中使用了私有 IP(10.36.219.101),例如,您不在 FTP 服务器可访问的公共网络中,而这是主动模式所必需的。如果您无法使用被动模式,则需要在设备上安装某种 FTP 代理,以将您的内部网络与公共互联网分开(例如 NAT 路由器或防火墙),并且此代理必须重写 FTP PORT 命令以使用其公共 IP。
答案2
经过大量调查,发现问题根源在于 Amazon EC2 设置不便于管理员操作,不允许 Active FTP 传输。解决方案:将机器移至其他托管服务提供商。