我正在解決從特定客戶端到伺服器的 ftp 連線問題。不幸的是,將其設為被動模式不是一個選項。我在調試模式下使用 ncftp 來測試連線。
[myself@newqa ~]$ ncftp
NcFTP 3.2.4 (Apr 07, 2010) by Mike Gleason (http://www.NcFTP.com/contact/).
ncftp> debug
ncftp> passive
> passive
passive on
ncftp> passive
> passive
passive off
ncftp> open -u ftpuser my.server.com
> open -u ftpuser my.server.com
LibNcFTP 3.2.4 (April 3, 2010) compiled for linux-x86_64-glibc2.12
Uname: Linux|my.client.com|2.6.32-279.19.1.el6.x86_64|#1 SMP Sat Nov 24 14:35:28 EST 2012|x86_64
Contents of /etc/redhat-release:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Contents of /etc/issue:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Kernel \r on an \m
Glibc: 2.12 (stable)
Hello, dear user!
220: Hello, dear user!
Connected to 12.34.56.78.
Cmd: USER ftpuser
Password requested by 12.34.56.78 for user "ftpuser".
Please specify the password.
Password: ***********
331: Please specify the password.
Cmd: PASS xxxxxxxx
Login successful.
230: Login successful.
Cmd: PWD
257: "/"
Logged in to 12.34.56.78 as username.
Cmd: FEAT
211: Features:
EPRT
EPSV
MDTM
PASV
REST STREAM
SIZE
TVFS
End
Cmd: HELP SITE
214: The following commands are recognized.
ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD
MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR
RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
XPWD XRMD
Help OK.
Logged in to www.server.com.
Cmd: CLNT NcFTP 3.2.4 linux-x86_64-glibc2.12
500: Unknown command.
ncftp / > dir
> dir
Cmd: PORT 10,36,219,101,167,190
Could not read reply from control connection -- timed out.
Could not read reply from control connection -- timed out.
List failed.
該機器託管在亞馬遜,防火牆配置為允許從我的伺服器 IP 到客戶端的所有 TCP 傳入流量。
iptables 在客戶端中被停用
[root@newqa ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
客戶端中禁用了selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
這是當我從位於不同網路的客戶端嘗試相同操作時發生的情況:
Logged in to my.server.com.
Cmd: CLNT NcFTP 3.2.5 linux-x86-glibc2.15
500: Unknown command.
ncftp / > dir
> dir
Cmd: PORT 192,168,1,36,221,20
200: PORT command successful. Consider using PASV.
Cmd: LIST
150: Here comes the directory listing.
226: Directory send OK.
Remote listing contents {
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 bin
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 dev
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 etc
drwxr-xr-x 3 ftp ftp 4096 Mar 18 06:05 incoming
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 lib
drwxr-xr-x 2 ftp ftp 4096 May 02 2013 lib64
drwxr-xr-x 5 ftp ftp 4096 May 02 2013 usr
}
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 bin
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 bin
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 dev
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 dev
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 etc
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 etc
drwxr-xr-x 3 ftp ftp 4096 Mar 18 06:05 incoming
drwxr-xr-x 3 ftp ftp 4096 Mar 18 06:05 incoming
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib64
drwxr-xr-x 2 ftp ftp 4096 May 2 2013 lib64
drwxr-xr-x 5 ftp ftp 4096 May 2 2013 usr
drwxr-xr-x 5 ftp ftp 4096 May 2 2013 usr
不知道在哪裡繼續排除故障,有什麼建議嗎?
謝謝,
答案1
您在 PORT 指令中使用私有 IP (10.36.219.101),例如,您不在 FTP 伺服器可存取的公用網路中,而這是主動模式所需要的。如果您無法使用被動模式,您需要在裝置上安裝某種 ftp 代理,將您的內部網路與公共網際網路(例如 NAT 路由器或防火牆)分開,且該代理程式必須重寫 FTP PORT 指令以使用其公用 IP。
答案2
經過大量調查後...一切都歸結為 Amazon EC2 設定對管理員不友善且不允許主動 FTP 傳輸。解決方案:將電腦移至不同的託管提供者。