无法使用Windows ftp.exe进行FTP上传:“PORT IP与nnn.nnn.nnn.nnn不同” [英] Failed to FTP upload using Windows ftp.exe: "PORT IP is not same as nnn.nnn.nnn.nnn"
问题描述
我正在使用 ftp.exe 来上传文件到FTP服务器。
这个程序已经运行多年并上传到服务器的数量,到目前为止没有问题。
在一个接收器服务器更新后,上传不再可能。
p>这是命令序列:
open ftp.xxx.de
<用户>
< pw>
> 230用户登录,继续
cd上传
bin
放<文件名>
并回应此服务器回复:
<501> PORT IP与10.100.244.5不同
150文件状态好吧,即将开启连接
就是这样,在此之后,连接被阻塞,并在一段超时时间后关闭。
有趣的是,谷歌搜索因为PORT IP不一样只返回一个结果,这说明服务器看到的IP与预期的不同。
另外,当使用WinSCP,FileZilla或其他FTP工具程序,连接没有问题,并且传输文件就好了。
那么,为什么会出现这种情况以及如何解决这个问题?
p ftp.exe 使用老式的主动模式命令 PORT ,这要求客户端指定FTP服务器需要连接的IP地址以打开数据传输连接。
如果您位于防火墙或NAT之后,客户端可能不知道其外部IP地址并使用其本地网络地址。这导致麻烦。服务器无法连接回,因为它显然无法连接到客户端的本地网络。或者,如果指定的IP地址与FTP客户端连接到服务器的IP地址不匹配,服务器会立即拒绝 PORT 命令。这是一种安全措施,因为这种区别可能表明中间人(man-in-the-the-middle)攻击。你的服务器进行验证。某些服务器可能配置为忽略 PORT 命令中指定的IP地址,并连接到客户端的已知IP地址。
$ b $另一种解决方法是,如果防火墙/ NAT可以检查FTP流量并无缝修改
PORT 命令中的IP地址。这显然没有发生。 您不会遇到WinSCP或FileZilla的问题,因为这些客户端默认为被动FTP模式,它没有问题。此外,在主动模式下,这些客户端可以配置为使用外部IP地址。 FileZilla还支持现代 EPRT 命令,它不需要指定IP地址(服务器使用客户端的已知IP地址)。
查看我的关于主动/被动FTP模式了解详情。
我不认为有任何方法可以使它工作与Windows ftp.exe 。它既不支持被动模式,也不能配置为使用外部IP地址,也不支持 EPRT 命令。
所以除非你可以配置FTP服务器不做检查并连接到客户端的已知IP地址或配置防火墙/ NAT以修改 PORT 命令中的IP地址,则必须使用另一个FTP客户端。
正如您知道WinSCP的工作原理,请参阅转换指南Windows ftp.exe 脚本到WinSCP脚本。
(我是WinSCP的作者)
I am using a call to ftp.exe to upload file to a FTP Server.
This program is running since many years and uploads to number of servers, so far without problems.
After one of the receiver servers has been updated, uploads are no longer possible.
This is the command sequence:
open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>
and in response to this the server replies:
501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection
That is it, after this the connection is stuck and gets closed after a certain timeout period.
Funny enough, a google search for "PORT IP is not the same as" return exactly one result, which explains that the IP seen by the server is different from the one expected.
Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.
So, why does this appear and how to solve it?
The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP servers needs to connect back to open a data transfer connection.
If your are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes troubles. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address, from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.
Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.
You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).
See my article about active/passive FTP mode for details.
I do not think there's any way to make it working with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.
So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.
As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.
(I'm the author of WinSCP)
这篇关于无法使用Windows ftp.exe进行FTP上传:“PORT IP与nnn.nnn.nnn.nnn不同”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
