我正在尝试使用 winSCP 通过 FTP 将我的服务器连接到 FTP,然后与备份文件夹同步。我曾在工作内联网(即同一域)的 PC 上顺利完成此操作,但是当我尝试在场外进行设置时(这是我的重点),相同的脚本失败了。FTP 日志如下。
. 2010-09-09 15:28:30.952 --------------------------------------------------------------------------
. 2010-09-09 15:28:30.952 WinSCP Version 4.2.8 (Build 818) (OS 5.2.3790 Service Pack 2)
. 2010-09-09 15:28:30.952 Login time: 09 September 2010 15:28:30
. 2010-09-09 15:28:30.952 --------------------------------------------------------------------------
. 2010-09-09 15:28:30.952 Session name: [email protected]
. 2010-09-09 15:28:30.952 Host name: myserver.nhs.uk (Port: 21)
. 2010-09-09 15:28:30.952 User name: user1 (Password: Yes, Key file: No)
. 2010-09-09 15:28:30.952 Tunnel: No
. 2010-09-09 15:28:30.952 Transfer Protocol: FTP
. 2010-09-09 15:28:30.952 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2010-09-09 15:28:30.952 Proxy: none
. 2010-09-09 15:28:30.952 FTP: FTPS: Explicit SSL; Passive: No [Force IP: No]
. 2010-09-09 15:28:30.952 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2010-09-09 15:28:30.952 Cache directory changes: Yes, Permanent: Yes
. 2010-09-09 15:28:30.952 DST mode: 1
. 2010-09-09 15:28:30.952 --------------------------------------------------------------------------
. 2010-09-09 15:28:30.968 Connecting to myserver.nhs.uk ...
. 2010-09-09 15:28:30.984 Connected with myserver.nhs.uk, negotiating SSL connection...
< 2010-09-09 15:28:30.999 220 Microsoft FTP Service
> 2010-09-09 15:28:30.999 AUTH SSL
< 2010-09-09 15:28:31.031 234 AUTH command ok. Expecting TLS Negotiation.
. 2010-09-09 15:28:31.187 SSL connection established. Waiting for welcome message...
> 2010-09-09 15:28:31.187 USER user1
< 2010-09-09 15:28:31.218 331 Password required for user1.
> 2010-09-09 15:28:31.218 PASS ********
< 2010-09-09 15:28:31.234 230 User logged in.
> 2010-09-09 15:28:31.234 SYST
< 2010-09-09 15:28:31.265 215 Windows_NT
> 2010-09-09 15:28:31.265 FEAT
< 2010-09-09 15:28:31.281 211-Extended features supported:
< 2010-09-09 15:28:31.281 LANG EN*
< 2010-09-09 15:28:31.281 UTF8
< 2010-09-09 15:28:31.281 AUTH TLS;TLS-C;SSL;TLS-P;
< 2010-09-09 15:28:31.281 PBSZ
< 2010-09-09 15:28:31.281 PROT C;P;
< 2010-09-09 15:28:31.281 CCC
< 2010-09-09 15:28:31.296 HOST
< 2010-09-09 15:28:31.296 SIZE
< 2010-09-09 15:28:31.296 MDTM
< 2010-09-09 15:28:31.296 REST STREAM
< 2010-09-09 15:28:31.296 211 END
> 2010-09-09 15:28:31.296 OPTS UTF8 ON
< 2010-09-09 15:28:31.312 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2010-09-09 15:28:31.312 PBSZ 0
< 2010-09-09 15:28:31.343 200 PBSZ command successful.
> 2010-09-09 15:28:31.343 PROT P
< 2010-09-09 15:28:31.359 200 PROT command successful.
. 2010-09-09 15:28:31.359 Connected
. 2010-09-09 15:28:31.359 --------------------------------------------------------------------------
. 2010-09-09 15:28:31.359 Using FTP protocol.
. 2010-09-09 15:28:31.359 Doing startup conversation with host.
> 2010-09-09 15:28:31.359 PWD
< 2010-09-09 15:28:31.390 257 "/" is current directory.
. 2010-09-09 15:28:31.390 Getting current directory name.
. 2010-09-09 15:28:31.390 Retrieving directory listing...
> 2010-09-09 15:28:31.390 TYPE A
< 2010-09-09 15:28:31.406 200 Type set to A.
> 2010-09-09 15:28:31.421 PORT 10,222,54,3,6,38
< 2010-09-09 15:28:31.437 200 PORT command successful.
> 2010-09-09 15:28:31.437 LIST -a
< 2010-09-09 15:28:31.468 150 Opening ASCII mode data connection.
. 2010-09-09 15:28:46.968 Timeout detected.
. 2010-09-09 15:28:46.968 Could not retrieve directory listing
* 2010-09-09 15:28:46.968 (ESshFatal) Lost connection.
* 2010-09-09 15:28:46.968 Timeout detected.
* 2010-09-09 15:28:46.968 Could not retrieve directory listing
* 2010-09-09 15:28:46.968 Opening ASCII mode data connection.
* 2010-09-09 15:28:46.968 Error listing directory '/'.
. 2010-09-09 15:28:51.999 Connecting to myserver.nhs.uk ...
. 2010-09-09 15:28:52.015 Connected with myserver.nhs.uk, negotiating SSL connection...
< 2010-09-09 15:28:52.031 220 Microsoft FTP Service
> 2010-09-09 15:28:52.031 AUTH SSL
< 2010-09-09 15:28:52.062 234 AUTH command ok. Expecting TLS Negotiation.
. 2010-09-09 15:28:52.140 SSL connection established. Waiting for welcome message...
> 2010-09-09 15:28:52.140 USER user1
< 2010-09-09 15:28:52.156 331 Password required for user1.
> 2010-09-09 15:28:52.156 PASS ********
< 2010-09-09 15:28:52.187 230 User logged in.
> 2010-09-09 15:28:52.187 SYST
< 2010-09-09 15:28:52.202 215 Windows_NT
> 2010-09-09 15:28:52.202 FEAT
< 2010-09-09 15:28:52.234 211-Extended features supported:
< 2010-09-09 15:28:52.234 LANG EN*
< 2010-09-09 15:28:52.234 UTF8
< 2010-09-09 15:28:52.234 AUTH TLS;TLS-C;SSL;TLS-P;
< 2010-09-09 15:28:52.234 PBSZ
< 2010-09-09 15:28:52.234 PROT C;P;
< 2010-09-09 15:28:52.234 CCC
< 2010-09-09 15:28:52.234 HOST
< 2010-09-09 15:28:52.234 SIZE
< 2010-09-09 15:28:52.234 MDTM
< 2010-09-09 15:28:52.234 REST STREAM
< 2010-09-09 15:28:52.234 211 END
> 2010-09-09 15:28:52.234 OPTS UTF8 ON
< 2010-09-09 15:28:52.265 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2010-09-09 15:28:52.265 PBSZ 0
< 2010-09-09 15:28:52.281 200 PBSZ command successful.
> 2010-09-09 15:28:52.281 PROT P
< 2010-09-09 15:28:52.312 200 PROT command successful.
. 2010-09-09 15:28:52.312 Connected
. 2010-09-09 15:28:52.312 Doing startup conversation with host.
. 2010-09-09 15:28:52.312 Getting current directory name.
. 2010-09-09 15:28:52.312 Retrieving directory listing...
> 2010-09-09 15:28:52.312 PWD
< 2010-09-09 15:28:52.343 257 "/" is current directory.
> 2010-09-09 15:28:52.343 TYPE A
< 2010-09-09 15:28:52.359 200 Type set to A.
> 2010-09-09 15:28:52.359 PORT 10,222,54,3,6,40
< 2010-09-09 15:28:52.390 200 PORT command successful.
> 2010-09-09 15:28:52.390 LIST -a
< 2010-09-09 15:28:52.406 150 Opening ASCII mode data connection.
无论是从 GUI 还是之前测试过的、可以运行的脚本版本运行,都会失败。从日志来看,目录列表超时存在问题,大概是因为延迟较少,所以它在本地运行正常
请问这是否是 winSCP 设置(如果是的话,在哪里)或在 FTPserver 端(Windows Web Server 2008 R2)?
答案1
当我忘记打开被动 FTP 模式所需的额外端口时遇到了这个问题。
基本上,除了已经打开的端口 21 之外,您还需要通过防火墙打开/允许一系列端口。
看起来您正在使用 Microsoft 的 FTP 服务器。Microsoft 有一个带有说明的支持页面这里。
当我这样做时,我打开了端口 21 作为控制端口,然后任意选择端口 65000-65050 作为被动 FTP 数据。您的范围将根据您需要或预期的并发用户/会话数量(更多并发用户/会话需要更多开放端口)以及已为其他应用程序开放的任何其他端口而有所不同。
答案2
我自己偶然发现了这一点。许多页面都有同样的问题,但通常没有(完整)答案。PASV 端口需要在 PASV 模式下可访问。这可能需要调整防火墙/IPtables: