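Our customer has a FileZilla FTP server running on a Windows machine, and I am using FileZilla Client to test the connection. The connection works from my office and from all Azure servers except ours.
I have enabled the debugging options in FileZilla Client; below are a successful and a failed connection. Why does the connection succeed on one server but fail on another?
Both of our servers that connect to the customer's FTP are in Azure, and both are virtual machines running the same operating system.
Success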
    Status: Disconnected from server
    Trace: CRealControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CFtpControlSocket::ResetOperation(66)
    Trace: CControlSocket::ResetOperation(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(66)
    Trace: CRealControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 0
    Status: Resolving address of *SERVER DNS*
    Status: Connecting to *SERVER IP*:2121...
    Status: Connection established, waiting for welcome message...
    Trace: CFtpControlSocket::OnReceive()
    Response: 220 PPW FTP Server
    Trace: CFtpLogonOpData::ParseResponse() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 2
    Command: AUTH TLS
    Trace: CFtpControlSocket::OnReceive()
    Response: 502 Explicit TLS authentication not allowed
    Trace: CFtpLogonOpData::ParseResponse() in state 2
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 3
    Command: AUTH SSL
    Trace: CFtpControlSocket::OnReceive()
    Response: 502 Explicit TLS authentication not allowed
    Trace: CFtpLogonOpData::ParseResponse() in state 3
    Status: Insecure server, it does not support FTP over TLS.
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 5
    Command: USER printiq
    Trace: CFtpControlSocket::OnReceive()
    Response: 331 Password required for printiq
    Trace: CFtpLogonOpData::ParseResponse() in state 5
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 5
    Command: PASS ********
    Trace: CFtpControlSocket::OnReceive()
    Response: 230 Logged on
    Trace: CFtpLogonOpData::ParseResponse() in state 5
    Status: Logged in
    Trace: Measured latency of 46 ms
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
    Status: Retrieving directory listing...
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpListOpData::ListSend() in state 0
    Trace: CFtpChangeDirOpData::Send() in state 0
    Trace: CFtpChangeDirOpData::Send() in state 1
    Command: PWD
    Trace: CFtpControlSocket::OnReceive()
    Response: 257 "/" is current directory.
    Trace: CFtpChangeDirOpData::ParseResponse() in state 1
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CControlSocket::ParseSubcommandResult(0)
    Trace: CFtpListOpData::SubcommandResult() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpListOpData::ListSend() in state 2
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Status: Directory listing of "/" successful
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
Failure
    Status: Disconnected from server
    Trace: CRealControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CFtpControlSocket::ResetOperation(66)
    Trace: CControlSocket::ResetOperation(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(66)
    Trace: CRealControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 0
    Status: Resolving address of *SERVER DNS*
    Status: Connecting to **SERVER IP**:2121...
    Status: Connection established, waiting for welcome message...
    Trace: CFtpControlSocket::OnReceive()
    Response: 220 PPW FTP Server
    Trace: CFtpLogonOpData::ParseResponse() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 2
    Command: AUTH TLS
    Trace: CFtpControlSocket::OnReceive()
    Response: 502 Explicit TLS authentication not allowed
    Trace: CFtpLogonOpData::ParseResponse() in state 2
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 3
    Command: AUTH SSL
    Trace: CFtpControlSocket::OnReceive()
    Response: 502 Explicit TLS authentication not allowed
    Trace: CFtpLogonOpData::ParseResponse() in state 3
    Status: Insecure server, it does not support FTP over TLS.
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 5
    Command: USER printiq
    Trace: CFtpControlSocket::OnReceive()
    Response: 331 Password required for printiq
    Trace: CFtpLogonOpData::ParseResponse() in state 5
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 5
    Command: PASS ********
    Trace: CFtpControlSocket::OnReceive()
    Response: 230 Logged on
    Trace: CFtpLogonOpData::ParseResponse() in state 5
    Status: Logged in
    Trace: Measured latency of 38 ms
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
    Status: Retrieving directory listing...
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpListOpData::ListSend() in state 0
    Trace: CFtpChangeDirOpData::Send() in state 0
    Trace: CFtpChangeDirOpData::Send() in state 1
    Command: PWD
    Trace: CFtpControlSocket::OnReceive()
    Response: 257 "/" is current directory.
    Trace: CFtpChangeDirOpData::ParseResponse() in state 1
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CControlSocket::ParseSubcommandResult(0)
    Trace: CFtpListOpData::SubcommandResult() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpListOpData::ListSend() in state 2
    Trace: CFtpRawTransferOpData::Send() in state 1
    Command: TYPE I
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 Type set to I
    Trace: CFtpRawTransferOpData::ParseResponse() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpRawTransferOpData::Send() in state 2
    Command: PASV
    Trace: CFtpControlSocket::OnReceive()
    Response: 227 Entering Passive Mode (*SERVER IP*,234,225)
    Trace: CFtpRawTransferOpData::ParseResponse() in state 2
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpRawTransferOpData::Send() in state 4
    Trace: Binding data connection source IP to control connection source IP 10.0.0.4
    Command: MLSD
    Trace: CFtpControlSocket::OnReceive()
    Response: 425 Can't open data connection for transfer of "/"
    Trace: CFtpRawTransferOpData::ParseResponse() in state 4
    Trace: CFtpControlSocket::ResetOperation(2)
    Trace: CControlSocket::ResetOperation(2)
    Trace: CControlSocket::ParseSubcommandResult(2)
    Trace: CFtpListOpData::SubcommandResult() in state 3
    Trace: CFtpControlSocket::ResetOperation(2)
    Trace: CControlSocket::ResetOperation(2)
    Error: Failed to retrieve directory listing
    Trace: CFileZillaEnginePrivate::ResetOperation(2)
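This is usually a problem with FTP active/passive mode.
Most server/client FTP setups work in passive mode, and you can see in the log that the client has switched to PASV mode.
To give a bit of background, when you connect to an FTP server, there is a control connection and a data connection is established. FTP commands are sent and responses are received over the control connection. The actual data, such as file listings or directory listings, is sent over the data connection.
In FTP active mode, the client initiates the control connection to the server, and the server initiates the data connection to the client. In modern IT networking this does not work well, because most clients sit behind NAT networks and would need port forwarding.
As a workaround, passive mode has the client initiate both the control connection and the data connection. The data connection is made over a random port specified by the server.
In your scenario, it looks like you have successfully created the control connection and logged in. But as soon as it tries to perform a directory listing over the data connection, it fails.
So a firewall between the client and the server is blocking the connection the client is trying to initiate to the server. As other clients can connect fine, it is probably not on the server side, but it may well be, if it blocks certain IPs or ports related to the client's connection.
Unless both the server and the client have a public IP address, or some other network modification on the client side has been made to accommodate the random FTP data connections, PASV mode is the most typical mode.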
The reason is that your successful client does not use the passive command PASV.
    Command: PASV
    Trace: CFtpControlSocket::OnReceive()
    Response: 227 Entering Passive Mode (*SERVER IP*,234,225)
The server tells you that it has opened port 60385 on SERVER IP (is it open in the firewall?)
    Trace: CFtpRawTransferOpData::ParseResponse() in state 2
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpRawTransferOpData::Send() in state 4
    Trace: Binding data connection source IP to control connection source IP 10.0.0.4
Your client cannot reach the server on port 60385 from source 10.0.0.4.
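Added example, not part of the original question or answers: a small Python helper that reads a FileZilla debug trace, decodes each `227 Entering Passive Mode` reply into the host and data port (RFC 959: port = p1*256 + p2), and lists the endpoints whose transfer was answered with `425`. The sample trace is constructed, with the documentation address 203.0.113.10 standing in for the redacted `*SERVER IP*`; the function names are this example's own.

```python
import re
import socket

# Constructed sample modelled on the failing trace above. 203.0.113.10 is a
# documentation address standing in for the redacted *SERVER IP*.
SAMPLE_TRACE = """\
Command: PASV
Response: 227 Entering Passive Mode (203,0,113,10,234,225)
Trace: Binding data connection source IP to control connection source IP 10.0.0.4
Command: MLSD
Response: 425 Can't open data connection for transfer of "/"
"""

PASV_RE = re.compile(r"^Response: 227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(line):
    """Return (host, port) from a 227 reply line, or None for any other line."""
    m = PASV_RE.search(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: " + line)
    # RFC 959: h1,h2,h3,h4 is the address, p1*256 + p2 is the data port.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def failed_data_endpoints(trace):
    """List the PASV endpoints whose transfer was answered with 425."""
    failed, pending = [], None
    for line in trace.splitlines():
        line = line.strip()
        endpoint = parse_pasv(line)
        if endpoint:
            pending = endpoint
        elif line.startswith("Response: 425") and pending:
            failed.append(pending)
            pending = None
        elif line.startswith("Response: 226"):
            pending = None  # transfer completed, endpoint was reachable
    return failed


def can_connect(host, port, timeout=3.0):
    """Attempt the same outbound TCP connect the client makes for data."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `failed_data_endpoints` over the log saved on the failing VM, then call `can_connect` from that same VM for each endpoint to see whether the outbound path to the passive port is filtered. With the `234,225` pair shown in the trace, the formula gives port 60129.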