ftp 主动模式与被动模式

2018-09-15

ftp的工作原理

ftp要用到两个tcp连接即要使用两个端口

一个是命令链路：用来传递命令

一个是数据链路：用来上传下载数据

连接ftp server时有active和passive两种模式

通常使用主动模式可完成上传下载

主动模式工作原理

客户端使用命令链路主动告诉服务端：我打开了XX端口，你来连我吧

被动模式工作原理

跟主动模式相反，服务端告诉客户端：我打开了XX端口，你来连我吧

被动模式常用于有防火墙的情况

===============================================

错误：

引用

Host attempting data connection ip address is not same as server

解决方法：

引用

remoteverification

This parameter allows to enable/disable remote host connections verification. It should help when getting "Host attempting data connection ip address is not same as server" issue. Disable verification with remoteverification="false". Default is value is "true".

Java代码

client.setRemoteVerificationEnabled(false);

------------------------------

下面代码出现IO异常

Host attempting data connection 192.168.90.151 is not same as server 192.168.90.24

这个需要设置一个参数，这个参数允许启用/禁用远程主机连接验证。它将帮助当获得主机的ip地址数据连接尝试不是一样的服务器”的问题。与remoteverification禁用验证=“否”。默认值是“真”。

http://bbs.csdn.net/topics/380236758

------------------------------

Sorry for the real time debugging. I was stuck all day, I guess writing it out made me study it a little closer...

I noticed that I was using setUseEPSVwithIPv4(true) which was sending an

EPSV229 Entering Passive Mode (|||62110|)Removing that has allowed me to move a little further, now I"m getting

Total Bytes To Send: 1033PASV227 Entering Passive Mode (xxx,xxx,xxx,42,242,189)STOR /Inbound/Encrypted/TEST.pgpFile Transfer Failed at: 2013-11-21 18:33:07.846Error Occurred Transmitting File to Remote System, aborting...Host attempting data connection xxx.xxx.xxx.42 is not same as server xxx.xxx.xxx.67java.io.IOException: Host attempting data connection xxx.xxx.92.42 is not same as server xxx.xxx.xxx.67at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:912)at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:600)at org.apache.commons.net.ftp.FTPClient._storeFile(FTPClient.java:633)at org.apache.commons.net.ftp.FTPClient.__storeFile(FTPClient.java:624)150 Opening ASCII mode SSL data connection for /Inbound/Encrypted/TCONW.TEST.IN.pgp.at org.apache.commons.net.ftp.FTPClient.storeFile(FTPClient.java:1976)at mycode.FTPConnection.sendFile(FTPConnection.java:667)at mycode.FTPPropertyProcessor.putFile(FTPPropertyProcessor.java:54)at mycode.ftputils.FTPClientUtil.main(FTPClientUtil.java:290)Error Occurred Sending file, aborting...The secondary server is trusted, as it is one of their DMZ servers. Now to get around this one...

Original Posting Below:

Looking for debugging advice, or a clue as where to go with this.

I have been using this code base for quite a while internally. I had a new need to do client authentication to an external site, and I managed to connect and successfully login, but anytime I enter passive mode, the socket times out.

Using FTPS Connection with Protocol: TLS and Explicit Security Request220 tss4l589 FTP server (SecureTransport 5.1) ready.AUTH TLS234 SSLv23/TLSv1Connected to xxx.xxx.com on 21PBSZ 0200 PBSZ=0PROT P200 PROT command successfulUSER *******230 Virtual user XXXX logged in.PWD257 "/" is current directory....FTPClientUtil Connected Successfully!Sending: Local: c:/test/TEST.txt.asc Remote: /Inbound/Encrypted/TEST.pgp Starting at: 2013-11-21 17:53:47.877Total Bytes To Send: 1033EPSV229 Entering Passive Mode (|||62110|)File Transfer Failed at: 2013-11-21 17:54:08.877Error Occurred Transmitting File to Remote System, aborting...Connection timed out: connectjava.net.ConnectException: Connection timed out: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(Unknown Source) at java.net.PlainSocketImpl.connectToAddress(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source) at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:894) at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:600) at org.apache.commons.net.ftp.FTPClient._storeFile(FTPClient.java:633) at org.apache.commons.net.ftp.FTPClient.__storeFile(FTPClient.java:624) at org.apache.commons.net.ftp.FTPClient.storeFile(FTPClient.java:1976) at mycode.ftputils.FTPConnection.sendFile(FTPConnection.java:648) at mycode.ftputils.FTPPropertyProcessor.putFile(FTPPropertyProcessor.java:54)at mycode.ftputils.FTPClientUtil.main(FTPClientUtil.java:290)Error Occurred Sending file, aborting...I can connect successfully using other products (cuteFTP and FlashFXP), so I don"t believe it"s a firewall issue, but what I did notice, is that the products do TLS renegotiation? on the Data Connections. I don"t see that happening in the FTPSClient code.

From FlashFPX

FlashFXP 4.4.3 (build 2026)Support Forums http://forum.flashfxp.comWinsock 2.2 -- OpenSSL 1.0.1e 11 Feb 2013[R] Connecting to Test -> DNS=xxx.xxx.com IP=xxx.xx.xx.xx PORT=21[R] Connected to Test[R] 220 tss4l589 FTP server (SecureTransport 5.1) ready.[R] AUTH TLS[R] 234 SSLv23/TLSv1[R] Connected. Negotiating SSL/TLS session[R] TLSv1 negotiation successful...[R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)[R] PBSZ 0[R] 200 PBSZ=0[R] USER XXXX[R] 230 Virtual user XXXX logged in.[R] SYST[R] 215 UNIX Type: L8[R] PWD[R] 257 "/" is current directory.[R] TYPE A[R] 200 Type set to A.[R] PROT P[R] 200 PROT command successful[R] PASV[R] 227 Entering Passive Mode (159,53,92,42,242,212)[R] Opening data connection IP: 159.53.92.42 PORT: 62164[R] LIST -al[R] Connected. Negotiating SSL/TLS session[R] TLSv1 negotiation successful...[R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)[R] 150 Opening ASCII mode SSL data connection for file list.[R] 226 Transfer complete.[R] List Complete: 130 bytes in 0.25 second (0.1 KB/s)[R] QUIT[R] 221 Goodbye.[R] Logged off: Test (Duration: 17 seconds)

Removing the setUseEPSVwithIPv4(true); was the key here.

To get past the server verification you need to use setRemoteVerificationEnabled(false);

I was successfully able to send a file to the remote system.

Sorry to anyone who was actively looking at this...

http://stackoverflow.com/questions/20134035/ftpsclient-socket-timeout-on-data-connection

免责声明：本文仅代表文章作者的个人观点，与本站无关。其原创性、真实性以及文中陈述文字和内容未经本站证实，对本文以及其中全部或者部分内容文字的真实性、完整性和原创性本站不作任何保证或承诺，请读者仅作参考，并自行核实相关内容。

http://www.pinlue.com/style/images/nopic.gif