通过NAT运行在Port 2000上的FTP服务器不能在被动模式下工作 [英] FTP server running on Port 2000 over NAT not working on Passive Mode
问题描述
我运行FILE-Zilla ftp服务器,在一台局域网内的windows上连接到我的路由器。我试图通过添加端口转发规则(NAT),从路由器外部网络使用路由器WAN IP (WAN到LAN)访问FTP服务器路由器。根据以下配置,我在这里有两种情况。 1st正在工作 , 2nd不是 (处于被动模式)。
注意:我在ftp服务器运行的Windows 7防火墙
中添加了自定义入站规则。
blockquote>
配置#1
Filezilla FTP服务器端口:21
被动端口范围:50000-51000
NAT - 外部端口:21
NAT - 内部端口:21
Windows防火墙inboud规则端口允许端口:21,50000-51000
连接到:< WAN IP>的客户端:21
如果客户端尝试使用主动/被动模式进行连接,则此功能正常工作
配置# / strong>
Filezilla FTP服务器端口:2000
被动端口范围:50000-51000
NAT - 外部端口:21
NAT - 内部端口:2000
Windows防火墙inboud规则端口允许port:2000,50000-51000
连接到:< WAN IP>的客户:21
只有当客户端设置为活动模式时,这才起作用。
客户端无法使用被动模式配置。客户端可以连接并登录成功,但以服务器端的错误消息结束,没有任何目录列表。227输入被动模式(192,168,1,2,195,85)
注意:两者该案件在局域网内工作。
解决方案我的猜测是配置#1只是因为NAT足够聪明才能转换来自服务器的
PASV响应中的IP地址。但它可能只用于标准的FTP端口。
您应该告诉FileZilla FTP服务器其外部IP地址。转到编辑>设置>被动模式设置> IPv4特定>被动模式传输的外部服务器IP地址。
当前您的FTP服务器正在发送其内部IP地址给客户端。而且客户端显然无法连接到IP地址。
让NAT转发无源端口范围内的端口(50000-51000)。
尽管更改会打破LAN-LAN连接。要允许LAN和WAN连接,请检查NAT是否可以配置为转换非标准端口的IP地址。尽管翻译只适用于未加密的连接。而且你不应该使用未加密的连接!
如果客户允许,最后一种选择是使用扩展被动模式(
EPSV)。在扩展被动模式下,响应中没有IP地址。 FTP客户端使用FTP服务器的主要IP地址进行数据连接。I am running FILE-Zilla ftp server on windows in one of the LAN pc connect to my router. i am trying to access the FTP server from the network outside of the router using Router WAN ip (WAN-to-LAN) by adding Port-Forwarding rule (NAT) in the router. I have 2 cases here as per below configurations. the 1st is working and the 2nd is not (in Passive mode).
Note: i have added the custom inbound rule in the windows 7 firewall where the ftp server is running.
Configuration #1
Filezilla FTP server port: 21 Passive port range: 50000-51000 NAT - external port: 21 NAT - internal port: 21 Windows firewall inboud rule port allow port: 21, 50000-51000 Client connecting to: <Wan IP>:21This is working if client is trying to connect using Active/Passive mode
Configuration #2
Filezilla FTP server port: 2000 Passive port range: 50000-51000 NAT - external port: 21 NAT - internal port: 2000 Windows firewall inboud rule port allow port: 2000, 50000-51000 Client connecting to: <Wan IP>:21This is working only if client is set to Active mode. Not working with Passive mode configuration by client. the client can connect and login is successfull but ends with the error message at server side like this without any directory listing.
227 Entering Passive Mode (192,168,1,2,195,85)
Note: both the case working in LAN-LAN network.
解决方案My guess is that the configuration #1 works only because the NAT is smart enough to translate the IP address in the
PASVresponse from the server. But it likely does that only for the standard FTP port.
You should tell the FileZilla FTP server its external IP address. Go to Edit > Settings > Passive mode settings > IPv4 specific > External Server IP Address for passive mode transfers.
Currently your FTP server is sending its internal IP address to the client. And the client obviously cannot connect to the IP address.
And have the NAT forward the ports in the passive port range (50000-51000).
Though the change will break the LAN-LAN connections. To allow both LAN and WAN connections, check if the NAT can be configured to translate the IP address for the non standard ports too. Though the translation will work for unencrypted connection only anyway. And you should not use unencrypted connections!
The last option is to use the extended passive mode (
EPSV), if your clients allow that. In the extended passive mode, there's no IP address in the response. The FTP client uses the primary IP address of the FTP server for data connections.这篇关于通过NAT运行在Port 2000上的FTP服务器不能在被动模式下工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
