Here is my setup:
- 1 Windows 2008 R2 Standard box with G6 FTP Server installed
- G6 configured to use explicit SSL connections only (TCP: 990)
- 1 WatchGuard Firebox firewall (between the server and the internal network)
So, I can connect without issue and list directories on the FTPS server when I connect to it while I'm on the LAN (actually, RDP'd into the Win 2k8 box, you get the idea), but when I try to connect remotely to the FTPS site I can't seem to list the home directory of the user I've configured on the server.
13/05/29 20:00:48, 39, 98.208.xx.xx, , new connection from 98.208.xx.xx on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:00:48, 39, 98.208.xx.xx, , hostname resolved : c-98-208-xx-xx.hsd1.ca.comcast.net
13/05/29 20:00:48, 39, 98.208.xx.xx, , sending welcome message.
13/05/29 20:00:48, 39, 98.208.xx.xx, , 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
13/05/29 20:00:48, 39, 98.208.xx.xx, , AUTH TLS
13/05/29 20:00:48, 39, 98.208.xx.xx, , 234 AUTH command ok; starting SSL connection.
13/05/29 20:00:48, 39, 98.208.xx.xx, , establishing encrypted session
13/05/29 20:00:48, 39, 98.208.xx.xx, , USER username
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 331 Password required for username.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PASS ****
13/05/29 20:00:48, 39, 98.208.xx.xx, username, logged in as "username".
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 230 User username logged in.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, SYST
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 215 UNIX Type: L8
13/05/29 20:00:48, 39, 98.208.xx.xx, username, FEAT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 211-Extensions supported:
13/05/29 20:00:48, 39, 98.208.xx.xx, username, AUTH TLS
13/05/29 20:00:48, 39, 98.208.xx.xx, username, CCC
13/05/29 20:00:48, 39, 98.208.xx.xx, username, CLNT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, CPSV
13/05/29 20:00:48, 39, 98.208.xx.xx, username, EPRT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, EPSV
13/05/29 20:00:48, 39, 98.208.xx.xx, username, MDTM
13/05/29 20:00:48, 39, 98.208.xx.xx, username, MFCT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, MFMT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, MLST type*;size*;create;modify*;
13/05/29 20:00:48, 39, 98.208.xx.xx, username, MODE Z
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PASV
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PBSZ
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PROT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, REST STREAM
13/05/29 20:00:48, 39, 98.208.xx.xx, username, SIZE
13/05/29 20:00:48, 39, 98.208.xx.xx, username, SSCN
13/05/29 20:00:48, 39, 98.208.xx.xx, username, TVFS
13/05/29 20:00:48, 39, 98.208.xx.xx, username, UTF8
13/05/29 20:00:48, 39, 98.208.xx.xx, username, XCRC "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username, XMD5 "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username, XSHA1 "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 211 End.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, CLNT FileZilla
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Noted.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, OPTS UTF8 ON
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 UTF8 OPTS ON
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PBSZ 0
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 PBSZ=0
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PROT P
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 PROT command successful.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PWD
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 257 "/" is current directory.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, TYPE I
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Type set to I.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PORT 98,208,65,76,34,82
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Port command successful.
13/05/29 20:00:49, 39, 98.208.xx.xx, username, MLSD
13/05/29 20:01:01, 38, 98.208.xx.xx, username, 425 Cannot open data connection.
13/05/29 20:01:01, 38, 98.208.xx.xx, username, disconnected. (00d00:00:22)
13/05/29 20:01:10, 39, 98.208.xx.xx, username, 425 Cannot open data connection.
13/05/29 20:01:10, 39, 98.208.xx.xx, username, disconnected. (00d00:00:22)
Now, I'm aware that FTP needs the DATA (TCP/20) and SESSION (TCP/21) ports to be open, but given that I'm not using port 21 - how do I determine which data port I'm using, considering I'm using port 990 over SSL (FTPS)?
I've opened port 20, port 21 and port 990 as a test on the internet-facing firewall and on the Windows server firewall, but I still can't get a directory listing when I connect over the internet. I've tried connecting using both the ACTV and PASV methods in FileZilla and still no dice. I remember back in the day that this kind of problem was usually caused by active vs. passive connections, but the details are hazy in my mind. And if this is all down to active or passive, why can I get a directory listing when I connect from the LAN side of the network?
The permissions on the folder shared with this user grant full control to Everyone, just to rule that out as the cause of the directory listing problem.
So my question is - what exactly is going on here? Why can't I get a data connection over the WAN but I can over the LAN? Is it because of explicit SSL? An active/passive issue?
Here is the log output from a successful local FTPS session:
13/05/29 20:16:32, 40, 10.1.2.252, , new connection from 10.1.2.252 on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:16:32, 40, 10.1.2.252, , hostname resolved : IMSSERVER.alpine.local
13/05/29 20:16:32, 40, 10.1.2.252, , sending welcome message.
13/05/29 20:16:32, 40, 10.1.2.252, , 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
13/05/29 20:16:32, 40, 10.1.2.252, , AUTH TLS
13/05/29 20:16:32, 40, 10.1.2.252, , 234 AUTH command ok; starting SSL connection.
13/05/29 20:16:32, 40, 10.1.2.252, , establishing encrypted session
13/05/29 20:16:32, 40, 10.1.2.252, , USER username
13/05/29 20:16:32, 40, 10.1.2.252, username, 331 Password required for username.
13/05/29 20:16:32, 40, 10.1.2.252, username, PASS ****
13/05/29 20:16:32, 40, 10.1.2.252, username, logged in as "username".
13/05/29 20:16:32, 40, 10.1.2.252, username, 230 User username logged in.
13/05/29 20:16:32, 40, 10.1.2.252, username, CLNT FileZilla
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Noted.
13/05/29 20:16:32, 40, 10.1.2.252, username, OPTS UTF8 ON
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 UTF8 OPTS ON
13/05/29 20:16:32, 40, 10.1.2.252, username, PBSZ 0
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 PBSZ=0
13/05/29 20:16:32, 40, 10.1.2.252, username, PROT P
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 PROT command successful.
13/05/29 20:16:32, 40, 10.1.2.252, username, PWD
13/05/29 20:16:32, 40, 10.1.2.252, username, 257 "/" is current directory.
13/05/29 20:16:32, 40, 10.1.2.252, username, TYPE I
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Type set to I.
13/05/29 20:16:32, 40, 10.1.2.252, username, PORT 10,1,2,252,220,229
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Port command successful.
13/05/29 20:16:32, 40, 10.1.2.252, username, MLSD
13/05/29 20:16:32, 40, 10.1.2.252, username, 150 Opening data connection for directory list.
13/05/29 20:16:32, 40, 10.1.2.252, username, establishing encrypted session
13/05/29 20:16:32, 40, 10.1.2.252, username, 226 Transfer ok.
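The two logs above differ only in how the data channel is set up: in both, FileZilla sends PORT (active mode), which asks the server to open an outbound connection back to the address and port encoded in the PORT argument (h1,h2,h3,h4,p1,p2 per RFC 959, port = p1*256 + p2), and with PROT P that data connection is itself TLS-wrapped. Because the control channel is encrypted after AUTH TLS, a firewall's FTP helper cannot read PORT or PASV to open the data port dynamically, so the data-port range has to be allowed by static rules. The following script is an added example, not code from the original post or from Gene6: it parses log lines in the same five-field format as the post's log, decodes the PORT/227 endpoints, records whether each session's data channel got a 150 or a 425, and flags a client that advertises an address different from the one its control connection came from (a NAT symptom). The sample addresses and sessions in SAMPLE_LOG are constructed for illustration and go beyond the post by also covering a passive session and a NAT-rewritten client.

```python
"""Audit Gene6-style FTP server log lines for data-channel setup problems.

Added example, not code from the original post. The log format mirrors the
one in the post (date, session id, peer IP, user, message); the addresses
and sessions in SAMPLE_LOG are constructed for illustration.
"""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+), (?P<sid>\d+), (?P<peer>[^,]*), (?P<user>[^,]*), (?P<msg>.*)$")

# Constructed sample: session 39 is an active-mode client on the internet whose
# data channel fails; 40 is the same flow from the LAN and succeeds; 41 is a
# client behind NAT advertising a private address; 42 uses passive mode;
# 43 only sends FEAT (whose output lists PASV/PROT as bare words) and leaves.
SAMPLE_LOG = """\
13/05/29 20:00:48, 39, 198.51.100.23, , new connection from 198.51.100.23 on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:00:48, 39, 198.51.100.23, user, PROT P
13/05/29 20:00:48, 39, 198.51.100.23, user, PORT 198,51,100,23,34,82
13/05/29 20:00:49, 39, 198.51.100.23, user, MLSD
13/05/29 20:01:01, 39, 198.51.100.23, user, 425 Cannot open data connection.
13/05/29 20:16:32, 40, 10.1.2.252, user, PROT P
13/05/29 20:16:32, 40, 10.1.2.252, user, PORT 10,1,2,252,220,229
13/05/29 20:16:32, 40, 10.1.2.252, user, MLSD
13/05/29 20:16:32, 40, 10.1.2.252, user, 150 Opening data connection for directory list.
13/05/29 20:16:32, 40, 10.1.2.252, user, 226 Transfer ok.
13/05/29 20:20:00, 41, 203.0.113.9, user, PROT P
13/05/29 20:20:00, 41, 203.0.113.9, user, PORT 192,168,1,50,4,1
13/05/29 20:20:12, 41, 203.0.113.9, user, 425 Cannot open data connection.
13/05/29 20:25:00, 42, 203.0.113.9, user, PASV
13/05/29 20:25:00, 42, 203.0.113.9, user, 227 Entering Passive Mode (10,1,2,252,195,80)
13/05/29 20:25:00, 42, 203.0.113.9, user, 150 Opening data connection for directory list.
13/05/29 20:30:00, 43, 203.0.113.9, user, FEAT
13/05/29 20:30:00, 43, 203.0.113.9, user, 211-Extensions supported:
13/05/29 20:30:00, 43, 203.0.113.9, user, PASV
13/05/29 20:30:00, 43, 203.0.113.9, user, PROT
13/05/29 20:30:00, 43, 203.0.113.9, user, 211 End.
"""


def parse_line(line):
    """Split one log line into its fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def decode_port_arg(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of PORT / 227 (RFC 959) into (ip, port)."""
    parts = [int(x) for x in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def audit_sessions(lines):
    """Return {session id: report} describing how each session set up its data
    channel and whether the server answered 150 (opened) or 425 (failed)."""
    reports, in_feat = {}, set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sid, msg = rec["sid"], rec["msg"]
        r = reports.setdefault(sid, {"peer": rec["peer"], "mode": None, "data_endpoint": None,
                                     "prot": "C", "data_result": None, "findings": []})
        # FEAT output (211- ... 211 End.) lists command names such as PASV and
        # PROT on their own lines; skip it so they are not taken for commands.
        if msg.startswith("211-"):
            in_feat.add(sid)
            continue
        if sid in in_feat:
            if msg.startswith("211 "):
                in_feat.discard(sid)
            continue
        if msg.startswith("PROT "):
            r["prot"] = msg.split()[1]  # P = TLS-protected data channel, C = clear
        elif msg.startswith("PORT "):
            # Active mode: the server must connect *out* to this address:port.
            ip, port = decode_port_arg(msg[5:])
            r["mode"], r["data_endpoint"] = "active", (ip, port)
            if ip != r["peer"]:
                r["findings"].append(
                    "client advertised %s:%d but its control connection came from %s "
                    "(address rewritten by NAT?)" % (ip, port, r["peer"]))
        elif msg.startswith(("PASV", "EPSV")):
            # Passive mode: the client connects *in* to a server-chosen port.
            r["mode"] = "passive"
        elif msg.startswith("227 "):
            m = re.search(r"\((\d+(?:,\d+){5})\)", msg)
            if m:
                r["data_endpoint"] = decode_port_arg(m.group(1))
        elif msg.startswith("150 "):
            r["data_result"] = "ok"
        elif msg.startswith("425 "):
            r["data_result"] = "failed"
    for r in reports.values():
        if r["data_result"] == "failed" and r["prot"] == "P":
            r["findings"].append(
                "data channel failed with PROT P: the control channel is TLS-wrapped, so a "
                "firewall FTP helper cannot read PORT/PASV to open the data port; the data "
                "port range must be allowed by static rules")
    return reports


if __name__ == "__main__":
    for sid, rep in audit_sessions(SAMPLE_LOG.splitlines()).items():
        print(sid, rep["mode"], rep["data_endpoint"], rep["data_result"], rep["findings"])
```

Run it against a real Gene6 log instead of SAMPLE_LOG to see, per session, which side was expected to open the data connection and to which endpoint; a 425 after PORT means the server's outbound connection to the client's advertised address and port was blocked or never routed, while a 425 after PASV means the client's inbound connection to the server's advertised port did not arrive.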