得到“我不会打开连接"从 Google Compute Engine 连接到 FTP 服务器时 [英] Getting "I won't open a connection to" when connecting to FTP server from Google Compute Engine
问题描述
我通过 ssh 连接到我的 Google Compute Engine 的虚拟机.并想从那里 ftp 到另一台服务器.它询问我的用户名和密码,我可以毫无问题地登录.但是当我执行 ls 或 get 时,我收到此错误:
I ssh'ed to my Google Compute Engine's VM. And want to ftp to another server from there. It asked my username and password, I could login without problem. But when I do ls or get, I receive this error:
500 I won't open a connection to 10.240.XX.XX (only to XX.XX.XX.XX)
ftp: bind: Address already in use
10.240.XX.XX 是我在 ifconfig 结果中看到的内部 IP 地址.
That 10.240.XX.XX is my internal IP address I saw in ifconfig result.
如何使用 FTP 从另一台服务器传输文件?系统:Debian7
How can I transfer files from another server using FTP? System: Debian7
推荐答案
您正在使用 FTP 的主动模式连接到运行 Pure-FTPd 的服务器.在主动模式下,服务器必须连接回客户端才能打开数据传输连接(用于文件传输或目录列表).为此,客户端在 PORT 命令中将其 IP 地址发送到 FTP 服务器.
You are using the active mode of FTP to connect to a server running Pure-FTPd. In the active mode, a server has to connect back to a client to open a data transfer connection (for file transfers or directory listing). For that, the client sends its IP address to the FTP server in the PORT command.
如果 FTP 服务器在 GCE 专用网络之外,它显然无法连接回客户端机器,因为该机器位于防火墙和 NAT 之后.
If the FTP server is outside of the GCE private network, it obviously cannot connect back to the client machine, as the machine is behind a firewall and NAT.
实际上 Pure-FTPd 明确检查 PORT 命令中的 IP 地址是否与 FTP 控制连接的客户端 IP 地址匹配.如果客户端在 GCE 网络中发送其内部 IP 地址,它将不匹配.如果在这种情况下,Pure-FTPd 服务器直接拒绝传输(甚至不尝试连接)并显示错误消息,您将得到:
And actually the Pure-FTPd explicitly checks that the IP address in the PORT command matches the client IP address of the FTP control connection. It won't match, if the client sends its internal IP address within the GCE network. If this case, the Pure-FTPd server rejects the transfer outright (without even trying to connect) with the error message, you are getting:
我不会打开到...的连接(只到...)
I won't open a connection to ... (only to ...)
(其中第一个...是客户端在PORT命令中提供的IP地址[GCE私网内的本地地址),第二个 ... 是客户端的外部 [NATed] IP 地址,如服务器所知).
(where the first ... is the IP address provided by the client in the PORT command [the local address within the GCE private network), and the second ... is the external [NATed] IP address of the client, as known by the server).
即使客户端在 PORT 命令中报告了外部 [NATed] 地址,它仍然无法工作,因为连接尝试不会通过 NAT 和防火墙.
Even if the client reported the external [NATed] address in the PORT command, it still won't work as the connection attempt won't get past the NAT and firewall.
因此存在被动FTP模式,即客户端连接到服务器以打开数据传输连接.实际上,现在没有人使用主动模式.
For this reason, the passive FTP mode exists, in which the client connects to the server to open the data transfer connection. Actually, none uses the active mode nowadays.
有关这些模式的详细信息,请参阅(我的文章)FTP 连接模式.
See (my article) FTP connection modes for details about the modes.
所以,切换到被动模式.具体如何完成取决于客户.
So, switch to the passive mode. How this is done is client-specific.
在最常见的 *nix
ftp命令行客户端中,使用-p命令行开关,尽管默认情况下使用被动模式:
In most common *nix
ftpcommand-line clients, use the-pcommand-line switch, though the passive mode is used by default anyway:
-p 使用被动模式进行数据传输.允许在防火墙阻止的环境中使用 ftp从外部世界返回到客户端计算机的连接.要求 ftp 服务器支持移植 PASV 命令.由于安全原因,这是所有客户端(ftp 和 pftp)的默认设置关注使用 PORT 传输模式.该标志仅出于兼容性目的而保留,没有任何作用没有了.
-pUse passive mode for data transfers. Allows use of ftp in environments where a firewall prevents connections from the outside world back to the client machine. Requires that the ftp server sup- port the PASV command. This is the default now for all clients (ftp and pftp) due to security concerns using the PORT transfer mode. The flag is kept for compatibility only and has no effect anymore.
部分客户端还支持passive命令.
如果您在 Windows 上,则无法使用内置命令行 ftp.exe 客户端,因为它根本不支持被动模式.您必须安装第三方客户端.请参阅如何在 Windows 命令提示符下使用被动 FTP 模式?
If you are on Windows, you cannot use the built-in command-line ftp.exe client, as it does not support the passive mode at all. You have to install a third-party client. See How to use passive FTP mode in Windows command prompt?
这篇关于得到“我不会打开连接"从 Google Compute Engine 连接到 FTP 服务器时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
