问题出在 Amazon ec2 实例“Red Hat Enterprise Linux Server 7.0 (Maipo)”(内核 3.10.0-123.6.3.el7.x86_64)
尝试访问RETR远程文件时,FTP 客户端无限期挂起。我无法控制远程服务器。
所有传入/传出端口均在 Amazon 安全组中打开。
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables 模块列表:
$ sudo lsmod
Module Size Used by
nfnetlink_queue 18197 0
nfnetlink_log 17926 0
nfnetlink 14606 2 nfnetlink_log,nfnetlink_queue
bluetooth 372662 0
rfkill 26536 1 bluetooth
isofs 39842 0
nf_nat_ftp 12770 0
nf_conntrack_ftp 18638 1 nf_nat_ftp
nf_nat 21798 1 nf_nat_ftp
nf_conntrack 101024 3 nf_nat_ftp,nf_nat,nf_conntrack_ftp
iptable_filter 12810 0
ip_tables 27239 1 iptable_filter
ext4 528957 1
mbcache 14958 1 ext4
jbd2 98341 1 ext4
crct10dif_pclmul 14289 0
crct10dif_common 12595 1 crct10dif_pclmul
crc32_pclmul 13113 0
ghash_clmulni_intel 13259 0
aesni_intel 55624 0
lrw 13286 1 aesni_intel
gf128mul 14951 1 lrw
glue_helper 13990 1 aesni_intel
ablk_helper 13597 1 aesni_intel
cryptd 20359 3 ghash_clmulni_intel,aesni_intel,ablk_helper
i2c_piix4 22106 0
serio_raw 13462 0
pcspkr 12718 0
i2c_core 40325 1 i2c_piix4
mperf 12667 0
xen_netfront 26679 0
xfs 914152 1
libcrc32c 12644 1 xfs
ata_generic 12910 0
pata_acpi 13038 0
xen_blkfront 26864 3
ata_piix 35038 0
crc32c_intel 22079 1
libata 219478 3 pata_acpi,ata_generic,ata_piix
floppy 69417 0
我能够从我拥有的远程 FTP 服务器检索文件:
sudo ftp -v -d *.*.*.227
Connected to *.*.*.227 (*.*.*.227).
220-FileZilla Server version 0.9.47 beta
220-written by Tim Kosse ([email protected])
220 Please visit https://filezilla-project.org/
Name (*.*.*.227:root): nick
---> USER nick
331 Password required for nick
Password:
---> PASS XXXX
230 Logged on
---> SYST
215 UNIX emulated by FileZilla
Remote system type is UNIX.
ftp> ls
---> PASV
227 Entering Passive Mode (*,*,*,227,226,210)
---> LIST
150 Opening data channel for directory listing of "/"
drwxr-xr-x 1 ftp ftp 0 Sep 22 15:36 outgoing
-r--r--r-- 1 ftp ftp 12 Sep 22 15:22 test.txt
226 Successfully transferred "/"
ftp> get test.txt
local: test.txt remote: test.txt
---> PASV
227 Entering Passive Mode (*,*,*,227,226,211)
---> RETR test.txt
150 Opening data channel for file download from server of "/test.txt"
226 Successfully transferred "/test.txt"
12 bytes received in 0.00503 secs (2.39 Kbytes/sec)
但是,当我尝试对另一台不属于我的服务器执行相同操作时,客户端在发出 get 命令后会无限期挂起。
sudo ftp -v -d ftp.********.com
Connected to ftp.********.com (*.*.*.122).
220 ***** FTP Server. All transfers are logged.
Name (ftp.********.com:root): ****uv9
---> USER ****uv9
331 User name okay, need password for ****uv9.
Password:
---> PASS XXXX
230 User ****uv9 logged in from *.*.*.248
---> SYST
215 UNIX Type: Apache FtpServer
Remote system type is UNIX.
ftp> ls
---> PASV
227 Entering Passive Mode (*,*,*,122,168,54)
---> LIST
150 File status okay; about to open data connection.
drwx------ 3 user group 0 Dec 29 2011 files
226 Closing data connection.
ftp> cd files/data
---> CWD files/data
250 Directory changed to /files/data
ftp> ls
---> PASV
227 Entering Passive Mode (*,*,*,122,168,58)
---> LIST
150 File status okay; about to open data connection.
drwx------ 3 user group 0 Sep 22 13:50 usr942
226 Closing data connection.
ftp> cd usr942
---> CWD usr942
250 Directory changed to /files/data/usr942
ftp> ls
---> PASV
227 Entering Passive Mode (*,*,*,122,168,95)
---> LIST
150 File status okay; about to open data connection.
-rw------- 1 user group 7700460 Sep 22 13:50 5492542.txt
226 Closing data connection.
ftp> get 5492542.txtf
local: 5492542.txtf remote: 5492542.txtf
---> PASV
227 Entering Passive Mode (*,*,*,122,168,104)
---> RETR 5492542.txtf
550 /files/data/usr942/5492542.txtf: No such file or directory.
ftp> get 5492542.txt
local: 5492542.txt remote: 5492542.txt
---> PASV
227 Entering Passive Mode (*,*,*,122,168,105)
---> RETR 5492542.txt
150 File status okay; about to open data connection.
就是这样。它会挂起,直到超时为止。
以下是来自端口 21 的一些 tcpdump:
17:25:44.327012 IP ip-*-*-*-39.us-west-1.compute.internal.48091 > ftp.******.com.ftp: Flags [P.], seq 169:212, ack 1239, win 18760, length 43
17:25:44.331344 IP ftp.******.com.ftp > ip-*-*-*-39.us-west-1.compute.internal.48091: Flags [P.], seq 1239:1293, ack 212, win 1522, length 54
17:25:44.371203 IP ip-*-*-*-39.us-west-1.compute.internal.48091 > ftp.******.com.ftp: Flags [.], ack 1293, win 18760, length 0
17:29:35.522664 IP ftp.******.com.ftp > ip-*-*-*-39.us-west-1.compute.internal.48091: Flags [R.], seq 1293, ack 212, win 9300, length 0
下面是来自端口 48091 的一些 tcpdump:
17:25:44.323187 IP ip-*-*-*-39.us-west-1.compute.internal.48091 > ftp.******.com.ftp: Flags [.], ack 722, win 18760, length 0
17:25:44.327012 IP ip-*-*-*-39.us-west-1.compute.internal.48091 > ftp.******.com.ftp: Flags [P.], seq 133:176, ack 722, win 18760, length 43
17:25:44.331344 IP ftp.******.com.ftp > ip-*-*-*-39.us-west-1.compute.internal.48091: Flags [P.], seq 722:776, ack 176, win 1522, length 54
17:25:44.371203 IP ip-*-*-*-39.us-west-1.compute.internal.48091 > ftp.******.com.ftp: Flags [.], ack 776, win 18760, length 0
17:29:35.522664 IP ftp.******.com.ftp > ip-*-*-*-39.us-west-1.compute.internal.48091: Flags [R.], seq 776, ack 176, win 9300, length 0
我尝试解决这个问题两天了但没有成功。
更新
我注意到当我 ping 主机时,我得到了交替的结果。
PING ftp.********.com (*.*.*.122) 56(84) bytes of data.
64 bytes from ftp.********.com (*.*.*.122): icmp_seq=1 ttl=246 time=4.30 ms
64 bytes from b2b.********.com (*.*.*.122): icmp_seq=2 ttl=246 time=4.21 ms
64 bytes from ftp.********.com (*.*.*.122): icmp_seq=3 ttl=246 time=4.48 ms
64 bytes from b2b.********.com (*.*.*.122): icmp_seq=4 ttl=246 time=4.29 ms
64 bytes from ftp.********.com (*.*.*.122): icmp_seq=5 ttl=246 time=4.46 ms
64 bytes from b2b.********.com (*.*.*.122): icmp_seq=6 ttl=246 time=4.42 ms