TP-LINK Archer d50 调制解调器阻止对特定网站的 FTP 访问

TP-LINK Archer d50 调制解调器阻止对特定网站的 FTP 访问

我尝试通过智能手机共享互联网,在我的电脑上也可以使用。当我切换到调制解调器连接时,我可以登录 FTP 服务器,但它不显示目录。

我也尝试在路由器上转发端口 20 和 21,但我不确定是否正确。有人能告诉我这些字段中填了什么吗? 在此处输入图片描述

我也尝试了主动和被动模式,但没有任何变化。网站是 www.binini.it,我尝试了很多客户端,例如 FileZilla、CoreFtp 和 Cyber​​duck。我注意到 net2ftp 可以正常工作。

这是 FileZilla 回溯。

Status: Connecting to 209.227.193.130:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/**hidden**" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Error:  Disconnected from server: ECONNABORTED - Connection aborted
Error:  Failed to retrieve directory listing
Status: Disconnected from server
Status: Connecting to 209.227.193.130:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/**hidden**" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Error:  Disconnected from server: ECONNABORTED - Connection aborted
Error:  Failed to retrieve directory listing

使用 ftp.exe 我可以登录,但在“quote pasv”之后就出现堆栈。终端回答我“远程主机连接已关闭”。

这是完整的调试日志:

Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 0
Status: Connecting to 209.227.193.130:21...
Status: Connection established, waiting for welcome message...
Trace:  CFtpControlSocket::OnReceive()
Response:   220 Microsoft FTP Service
Trace:  CFtpLogonOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 2
Command:    AUTH TLS
Trace:  CFtpControlSocket::OnReceive()
Response:   534 Local policy on server does not allow TLS secure connections.
Trace:  CFtpLogonOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 3
Command:    AUTH SSL
Trace:  CFtpControlSocket::OnReceive()
Response:   534 Local policy on server does not allow TLS secure connections.
Trace:  CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    USER w8km01a130
Trace:  CFtpControlSocket::OnReceive()
Response:   331 Password required for w8km01a130.
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    PASS **********
Trace:  CFtpControlSocket::OnReceive()
Response:   230 User logged in.
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 6
Command:    SYST
Trace:  CFtpControlSocket::OnReceive()
Response:   215 Windows_NT
Trace:  CFtpLogonOpData::ParseResponse() in state 6
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 7
Command:    FEAT
Trace:  CFtpControlSocket::OnReceive()
Response:   211-Extended features supported:
Response:    LANG EN*
Response:    UTF8
Trace:  CFtpControlSocket::OnReceive()
Response:    AUTH TLS;TLS-C;SSL;TLS-P;
Response:    PBSZ
Response:    PROT C;P;
Response:    CCC
Response:    HOST
Trace:  CFtpControlSocket::OnReceive()
Response:    SIZE
Response:    MDTM
Response:    REST STREAM
Response:   211 END
Trace:  CFtpLogonOpData::ParseResponse() in state 7
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 9
Command:    OPTS UTF8 ON
Trace:  CFtpControlSocket::OnReceive()
Response:   200 OPTS UTF8 command successful - UTF8 encoding now ON.
Trace:  CFtpLogonOpData::ParseResponse() in state 9
Status: Logged in
Trace:  Measured latency of 62 ms
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 1
Command:    PWD
Trace:  CFtpControlSocket::OnReceive()
Response:   257 "/w8km01a130" is current directory.
Trace:  CFtpChangeDirOpData::ParseResponse() in state 1
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CControlSocket::ParseSubcommandResult(0)
Trace:  CFtpListOpData::SubcommandResult() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 2
Trace:  CFtpRawTransferOpData::Send() in state 1
Command:    TYPE I
Trace:  CFtpControlSocket::OnReceive()
Response:   200 Type set to I.
Trace:  CFtpRawTransferOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 2
Command:    PASV
Trace:  CRealControlSocket::OnClose(106)
Error:  Disconnected from server: ECONNABORTED - Connection aborted
Trace:  CControlSocket::DoClose(66)
Trace:  CFtpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Trace:  CFtpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Error:  Failed to retrieve directory listing
Trace:  CFileZillaEnginePrivate::ResetOperation(66)
Status: Disconnected from server
Trace:  CControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CControlSocket::DoClose(66)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 0
Status: Connecting to 209.227.193.130:21...
Status: Connection established, waiting for welcome message...
Trace:  CFtpControlSocket::OnReceive()
Response:   220 Microsoft FTP Service
Trace:  CFtpLogonOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 2
Command:    AUTH TLS
Trace:  CFtpControlSocket::OnReceive()
Response:   534 Local policy on server does not allow TLS secure connections.
Trace:  CFtpLogonOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 3
Command:    AUTH SSL
Trace:  CFtpControlSocket::OnReceive()
Response:   534 Local policy on server does not allow TLS secure connections.
Trace:  CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    USER w8km01a130
Trace:  CFtpControlSocket::OnReceive()
Response:   331 Password required for w8km01a130.
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    PASS **********
Trace:  CFtpControlSocket::OnReceive()
Response:   230 User logged in.
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 9
Command:    OPTS UTF8 ON
Trace:  CFtpControlSocket::OnReceive()
Response:   200 OPTS UTF8 command successful - UTF8 encoding now ON.
Trace:  CFtpLogonOpData::ParseResponse() in state 9
Status: Logged in
Trace:  Measured latency of 81 ms
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 1
Command:    PWD
Trace:  CFtpControlSocket::OnReceive()
Response:   257 "/w8km01a130" is current directory.
Trace:  CFtpChangeDirOpData::ParseResponse() in state 1
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CControlSocket::ParseSubcommandResult(0)
Trace:  CFtpListOpData::SubcommandResult() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 2
Trace:  CFtpRawTransferOpData::Send() in state 1
Command:    TYPE I
Trace:  CFtpControlSocket::OnReceive()
Response:   200 Type set to I.
Trace:  CFtpRawTransferOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 2
Command:    PASV
Trace:  CRealControlSocket::OnClose(106)
Error:  Disconnected from server: ECONNABORTED - Connection aborted
Trace:  CControlSocket::DoClose(66)
Trace:  CFtpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Trace:  CFtpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Error:  Failed to retrieve directory listing
Trace:  CFileZillaEnginePrivate::ResetOperation(66)

这是我的手机共享连接的回溯:

    Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 0
Status: Connecting to 209.227.193.130:21...
Status: Connection established, waiting for welcome message...
Trace:  CFtpControlSocket::OnReceive()
Response:   220 Microsoft FTP Service
Trace:  CFtpLogonOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 2
Command:    AUTH TLS
Trace:  CFtpControlSocket::OnReceive()
Response:   534 Local policy on server does not allow TLS secure connections.
Trace:  CFtpLogonOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 3
Command:    AUTH SSL
Trace:  CFtpControlSocket::OnReceive()
Response:   534 Local policy on server does not allow TLS secure connections.
Trace:  CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    USER w8km01a130
Trace:  CFtpControlSocket::OnReceive()
Response:   331 Password required for w8km01a130.
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 5
Command:    PASS **********
Trace:  CFtpControlSocket::OnReceive()
Response:   230 User logged in.
Trace:  CFtpLogonOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 6
Command:    SYST
Trace:  CFtpControlSocket::OnReceive()
Response:   215 Windows_NT
Trace:  CFtpLogonOpData::ParseResponse() in state 6
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 7
Command:    FEAT
Trace:  CFtpControlSocket::OnReceive()
Response:   211-Extended features supported:
Trace:  CFtpControlSocket::OnReceive()
Response:    LANG EN*
Response:    UTF8
Trace:  CFtpControlSocket::OnReceive()
Response:    AUTH TLS;TLS-C;SSL;TLS-P;
Response:    PBSZ
Response:    PROT C;P;
Response:    CCC
Trace:  CFtpControlSocket::OnReceive()
Response:    HOST
Trace:  CFtpControlSocket::OnReceive()
Response:    SIZE
Response:    MDTM
Response:    REST STREAM
Response:   211 END
Trace:  CFtpLogonOpData::ParseResponse() in state 7
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpLogonOpData::Send() in state 9
Command:    OPTS UTF8 ON
Trace:  CFtpControlSocket::OnReceive()
Response:   200 OPTS UTF8 command successful - UTF8 encoding now ON.
Trace:  CFtpLogonOpData::ParseResponse() in state 9
Status: Logged in
Trace:  Measured latency of 276 ms
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 0
Trace:  CFtpChangeDirOpData::Send() in state 1
Command:    PWD
Trace:  CFtpControlSocket::OnReceive()
Response:   257 "/w8km01a130" is current directory.
Trace:  CFtpChangeDirOpData::ParseResponse() in state 1
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CControlSocket::ParseSubcommandResult(0)
Trace:  CFtpListOpData::SubcommandResult() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 2
Trace:  CFtpRawTransferOpData::Send() in state 1
Command:    TYPE I
Trace:  CFtpControlSocket::OnReceive()
Response:   200 Type set to I.
Trace:  CFtpRawTransferOpData::ParseResponse() in state 1
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 2
Command:    PASV
Trace:  CFtpControlSocket::OnReceive()
Response:   227 Entering Passive Mode (66,71,190,20,195,87).
Trace:  CFtpRawTransferOpData::ParseResponse() in state 2
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 4
Trace:  Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.
Command:    LIST
Trace:  CTransferSocket::OnConnect
Trace:  CFtpControlSocket::OnReceive()
Response:   150 Opening BINARY mode data connection.
Trace:  CFtpRawTransferOpData::ParseResponse() in state 4
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 5
Trace:  CFtpControlSocket::OnReceive()
Response:   226 Transfer complete.
Trace:  CFtpRawTransferOpData::ParseResponse() in state 5
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpRawTransferOpData::Send() in state 8
Trace:  CTransferSocket::OnReceive(), m_transferMode=0
Trace:  CTransferSocket::OnClose(0)
Trace:  CTransferSocket::TransferEnd(1)
Trace:  CFtpControlSocket::TransferEnd()
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Trace:  CControlSocket::ParseSubcommandResult(0)
Trace:  CFtpListOpData::SubcommandResult() in state 3
Trace:  CControlSocket::SendNextCommand()
Trace:  CFtpListOpData::ListSend() in state 4
Status: Calculating timezone offset of server...
Command:    MDTM Main.Master
Trace:  CFtpControlSocket::OnReceive()
Response:   213 20170703210504
Trace:  CFtpListOpData::ParseResponse() in state 4
Status: Timezone offset of server is 7200 seconds.
Trace:  CFtpControlSocket::ResetOperation(0)
Trace:  CControlSocket::ResetOperation(0)
Status: Directory listing of "/w8km01a130" successful
Trace:  CFileZillaEnginePrivate::ResetOperation(0)

答案1

从成功的跟踪来看:

状态:正在连接到 209.227.193.130:21…… 命令:PASV
响应 :227 进入被动模式 (66,71,190,20,195,87)。 …… 跟踪:数据连接的目标 IP 与控制连接的对等 IP 不匹配……



对被动命令的响应是说,服务器应该连接到 66.71.190.20 端口 50007 (195*256+87) 进行数据连接。请注意,此 IP 地址与您连接的服务器的地址不同。虽然理论上原始 FTP 协议支持这种操作模式,即控制连接的服务器与数据连接的服务器不同,但这种情况非常罕见,更可能是由服务器端的配置错误引起的。根据 tracepath,我认为这实际上是同一服务器上的不同地址。

这可能是传输失败的原因。在 TP-Link 路由器的日志中,您会发现对 PASV 命令的以下反应:

命令:PASV
错误:与服务器断开连接:ECONNABORTED - 连接中止

我将其解释为路由器上的 FTP 辅助程序中止了 FTP 连接,因为 PASV 命令导致了意外响应,因为应用于数据连接的 PASV 内的 IP 与控制连接的 IP 不匹配。

这也解释了为什么问题只发生在这台特定的服务器上,因为所有其他服务器都没有出现这种异常行为。

但是,如果这实际上只是同一服务器上的一个不同地址,您可以尝试 FTP 连接到 66.71.190.20,而不是 209.227.193.130。希望第一个会成功,因为控制连接中的 IP 和 PASV 响应是相同的。

答案2

FTP 只是一个噩梦般的协议,因为它使用动态端口,相关端口号的交换是在应用层完成的。这意味着防火墙或 NAT 路由器或 ISP 和移动提供商(对于运营商级 NAT)中经常会涉及帮助程序,这些程序可能有效,也可能无效。

问题尤其出现在使用 FTPS(即加密 FTP)时,因为流量是加密的,所以辅助应用程序无法获取端口号。问题还出现在较新的命令中,这些命令被添加以支持 IPv6,但它们也经常在没有 IPv6 的情况下使用(即 EPRT、EPSV 而不是 PORT 和 PASV)。

简而言之:尽量使用 SFTP 而不是 FTP/FTPS。SFTP 是基于 SSH 的文件传输,更安全,并且没有 FTP(S) 关于动态端口的问题。当然,服务器需要支持它。

相关内容