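Our client runs a FileZilla FTP server on a Windows machine, and I am using the FileZilla client to test the connection. The connection works from my office and from all of our Azure servers except one.
I enabled the debug options in FileZilla Client; below are a successful and a failed connection. Why does the connection succeed on one server and fail on the other?
Both servers from which we connect to the client's FTP are in Azure, and both are virtual machines running the same operating system.
Successful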
Status: Disconnected from server
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 0
Status: Resolving address of *SERVER DNS*
Status: Connecting to *SERVER IP*:2121...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 PPW FTP Server
Trace: CFtpLogonOpData::ParseResponse() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 2
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 502 Explicit TLS authentication not allowed
Trace: CFtpLogonOpData::ParseResponse() in state 2
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 3
Command: AUTH SSL
Trace: CFtpControlSocket::OnReceive()
Response: 502 Explicit TLS authentication not allowed
Trace: CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 5
Command: USER printiq
Trace: CFtpControlSocket::OnReceive()
Response: 331 Password required for printiq
Trace: CFtpLogonOpData::ParseResponse() in state 5
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 5
Command: PASS ********
Trace: CFtpControlSocket::OnReceive()
Response: 230 Logged on
Trace: CFtpLogonOpData::ParseResponse() in state 5
Status: Logged in
Trace: Measured latency of 46 ms
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CControlSocket::SendNextCommand()
Trace: CFtpListOpData::ListSend() in state 0
Trace: CFtpChangeDirOpData::Send() in state 0
Trace: CFtpChangeDirOpData::Send() in state 1
Command: PWD
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is current directory.
Trace: CFtpChangeDirOpData::ParseResponse() in state 1
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CControlSocket::ParseSubcommandResult(0)
Trace: CFtpListOpData::SubcommandResult() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpListOpData::ListSend() in state 2
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Status: Directory listing of "/" successful
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Failed
Status: Disconnected from server
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 0
Status: Resolving address of *SERVER DNS*
Status: Connecting to **SERVER IP**:2121...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 PPW FTP Server
Trace: CFtpLogonOpData::ParseResponse() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 2
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 502 Explicit TLS authentication not allowed
Trace: CFtpLogonOpData::ParseResponse() in state 2
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 3
Command: AUTH SSL
Trace: CFtpControlSocket::OnReceive()
Response: 502 Explicit TLS authentication not allowed
Trace: CFtpLogonOpData::ParseResponse() in state 3
Status: Insecure server, it does not support FTP over TLS.
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 5
Command: USER printiq
Trace: CFtpControlSocket::OnReceive()
Response: 331 Password required for printiq
Trace: CFtpLogonOpData::ParseResponse() in state 5
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 5
Command: PASS ********
Trace: CFtpControlSocket::OnReceive()
Response: 230 Logged on
Trace: CFtpLogonOpData::ParseResponse() in state 5
Status: Logged in
Trace: Measured latency of 38 ms
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CControlSocket::SendNextCommand()
Trace: CFtpListOpData::ListSend() in state 0
Trace: CFtpChangeDirOpData::Send() in state 0
Trace: CFtpChangeDirOpData::Send() in state 1
Command: PWD
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is current directory.
Trace: CFtpChangeDirOpData::ParseResponse() in state 1
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CControlSocket::ParseSubcommandResult(0)
Trace: CFtpListOpData::SubcommandResult() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpListOpData::ListSend() in state 2
Trace: CFtpRawTransferOpData::Send() in state 1
Command: TYPE I
Trace: CFtpControlSocket::OnReceive()
Response: 200 Type set to I
Trace: CFtpRawTransferOpData::ParseResponse() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpRawTransferOpData::Send() in state 2
Command: PASV
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (*SERVER IP*,234,225)
Trace: CFtpRawTransferOpData::ParseResponse() in state 2
Trace: CControlSocket::SendNextCommand()
Trace: CFtpRawTransferOpData::Send() in state 4
Trace: Binding data connection source IP to control connection source IP 10.0.0.4
Command: MLSD
Trace: CFtpControlSocket::OnReceive()
Response: 425 Can't open data connection for transfer of "/"
Trace: CFtpRawTransferOpData::ParseResponse() in state 4
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Trace: CControlSocket::ParseSubcommandResult(2)
Trace: CFtpListOpData::SubcommandResult() in state 3
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Error: Failed to retrieve directory listing
Trace: CFileZillaEnginePrivate::ResetOperation(2)
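Answer 1
This is usually an FTP active/passive mode problem.
Most server/client FTP scenarios work in passive mode, and you can see in your log that your client has switched to PASV mode.
For some background: when you connect to an FTP server, a control connection and a data connection are established. FTP commands are sent, and responses received, over the control connection. The actual data, such as a file listing or directory listing, is sent over the data connection.
In FTP active mode, your client initiates the control connection to the server, and the server initiates the data connection to the client. This does not work well in modern IT networks, because most clients sit behind NAT and would need port forwarding.
As a workaround, passive mode has the client initiate both the control connection and the data connection. The data connection is made over a random port specified by the server.
In your scenario, it appears you have successfully created the control connection and logged in. However, as soon as you attempt a directory listing over the data connection, it fails.
So a firewall between the client and the server is blocking the client's attempt to initiate the connection to the server. Since other clients can connect fine, the problem is probably not on the server side, but if a firewall is blocking certain IPs or ports related to the client's connection, then the problem may well be on the server side.
PASV mode is the typical mode of use and also the most reliable, unless both the server and the client have public IP addresses or some other network modification has been made on the client side to accommodate the random FTP data connections.
Answer 2
The reason is that your successful client does not use the passive command PASV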
Command: PASV
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (*SERVER IP*,234,225)
The server tells you that it has opened port 60385 on the server IP (is the firewall open?)
Trace: CFtpRawTransferOpData::ParseResponse() in state 2
Trace: CControlSocket::SendNextCommand()
Trace: CFtpRawTransferOpData::Send() in state 4
Trace: Binding data connection source IP to control connection source IP 10.0.0.4
Your client cannot reach the server on port 60385 from source 10.0.0.4
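
Both answers come down to the data endpoint announced in the 227 reply. The following is an added example, not code from either answer or from FileZilla: it decodes that reply (port = p1 * 256 + p2, per RFC 959) and checks whether the client can open an outbound TCP connection to it. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the redacted *SERVER IP*.

```python
import re
import socket

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample: 203.0.113.10 stands in for the redacted *SERVER IP*;
# the two port bytes (234,225) are the ones in the failing log.
SAMPLE_REPLY = "227 Entering Passive Mode (203,0,113,10,234,225)"


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply: port = p1 * 256 + p2."""
    m = PASV_RE.search(reply) if reply.startswith("227") else None
    if m is None:
        raise ValueError("not a parsable 227 reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def can_connect(host, port, timeout=5.0):
    """True if an outbound TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(reply, control_peer_ip, probe=can_connect):
    """Check the advertised data endpoint; return (port, list of findings)."""
    ip, port = parse_pasv(reply)
    findings = []
    if ip != control_peer_ip:
        # Typical of a server behind NAT announcing the wrong address.
        findings.append("advertised IP %s differs from control peer %s"
                        % (ip, control_peer_ip))
    # The server listens on this port only briefly after PASV, so probe
    # right after issuing PASV in a live session; a stale port looks closed.
    if not probe(ip, port):
        findings.append("outbound TCP to %s:%d failed; check egress rules on the "
                        "client side and the server's passive port range" % (ip, port))
    return port, findings


if __name__ == "__main__":
    print(diagnose(SAMPLE_REPLY, "203.0.113.10"))  # (234,225) -> port 60129
```

Run it on the failing VM and on a working one: a different result for the same server isolates the block to that VM's outbound path.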