我还查看了一些其他问题(例如,这个),但还没有找到答案。问题如下:
我在我们网络的服务器上运行 FileZilla Server (0.9.60)。我们有一个外部服务器尝试通过 FTPS 进行连接。该连接已经工作了好几年,直到一周前。现在服务器可以连接和登录,但无法上传文件。以下是日志内容的示例:
(000080) 11/2/2017 3:30:01 AM - (not logged in) (XXX.XXX.XXX.XXX)> Connected on port 990, sending welcome message...
(000080) 11/2/2017 3:30:01 AM - (not logged in) (XXX.XXX.XXX.XXX)> 220-FileZilla Server 0.9.60 beta
(000080) 11/2/2017 3:30:01 AM - (not logged in) (XXX.XXX.XXX.XXX)> 220 You have connected to the RAI FTP server.
(000080) 11/2/2017 3:30:02 AM - (not logged in) (XXX.XXX.XXX.XXX)> TLS connection established
(000080) 11/2/2017 3:30:02 AM - (not logged in) (XXX.XXX.XXX.XXX)> USER USERNAME
(000080) 11/2/2017 3:30:02 AM - (not logged in) (XXX.XXX.XXX.XXX)> 331 Password required for USERNAME
(000080) 11/2/2017 3:30:02 AM - (not logged in) (XXX.XXX.XXX.XXX)> PASS *******
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 230 Logged on
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> SYST
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 215 UNIX emulated by FileZilla
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> CWD /staging/
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 250 CWD successful. "/staging" is current directory.
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> TYPE A
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 200 Type set to A
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> PBSZ 0
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 200 PBSZ=0
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> PROT P
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 200 Protection level set to P
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> PASV
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 227 Entering Passive Mode (XXX,XXX,XXX,XXX,26,129)
(000080) 11/2/2017 3:30:02 AM - USERNAME (XXX.XXX.XXX.XXX)> STOR search_report_11012017.txt
(000080) 11/2/2017 3:30:12 AM - USERNAME (XXX.XXX.XXX.XXX)> 425 Can't open data connection for transfer of "/staging/search_report_11012017.txt"
(000080) 11/2/2017 3:30:32 AM - USERNAME (XXX.XXX.XXX.XXX)> TYPE A
(000080) 11/2/2017 3:30:32 AM - USERNAME (XXX.XXX.XXX.XXX)> 200 Type set to A
(000080) 11/2/2017 3:30:32 AM - USERNAME (XXX.XXX.XXX.XXX)> PASV
(000080) 11/2/2017 3:30:32 AM - USERNAME (XXX.XXX.XXX.XXX)> 227 Entering Passive Mode (XXX,XXX,XXX,XXX,24,88)
(000080) 11/2/2017 3:30:32 AM - USERNAME (XXX.XXX.XXX.XXX)> STOR RAD_Affil_DL_110217.txt
(000080) 11/2/2017 3:30:42 AM - USERNAME (XXX.XXX.XXX.XXX)> 425 Can't open data connection for transfer of "/staging/RAD_Affil_DL_110217.txt"
(000080) 11/2/2017 3:31:02 AM - USERNAME (XXX.XXX.XXX.XXX)> QUIT
(000080) 11/2/2017 3:31:02 AM - USERNAME (XXX.XXX.XXX.XXX)> 221 Goodbye
(000080) 11/2/2017 3:31:02 AM - USERNAME (XXX.XXX.XXX.XXX)> disconnected
以下是被动模式设置:
Windows 防火墙已打开,并特别允许 TCP 端口 20、21、990、6000-7000。我的系统管理员向我保证,相同的端口已通过公司防火墙转发。我不知道过去一周或更长时间里服务器或防火墙有任何变化。外部服务器管理员也不知道他那边有任何变化。
请告诉我还有哪些其他信息有帮助。
答案1
我认为你的系统管理员错了。
我对日志中 227 条消息的理解是,客户端尝试打开提到的 IP 地址,首先是端口 6785(26*256+129),然后是 6232(24*256+88),但两次尝试都失败了。
连接尝试可能失败,因为它们被阻止了,最有可能是在路由器中。或者路由器可能没有正确地将这些端口转发到 FileZilla Server 所在的计算机。在内部为该计算机提供静态 IP 地址可能更安全。
欲了解更多信息,请参阅 FileZilla wiki: 设置路由器以修复“425 代码”。