如何处理“主机尝试数据连接 x.x.x.x 与服务器 y.y.y.y 不同"骆驼FTP错误?

2022-01-19 00:00:00 ftp java apache-camel apache-commons-net

我正在尝试使用 Camel FTP Producer 将文件发送到第三方 ftp 服务器(由 Amazon 托管),并且遇到了一个问题,我收到 Writing File failed with: File operation失败... 主机尝试数据连接 xxxx 与服务器 yyyy 不一样 我以前没见过.

I'm trying to send a file to a third party ftp server (hosted by Amazon it would appear) with a Camel FTP Producer, and am having an issue where I am getting Writing File failed with: File operation failed... Host attempting data connection x.x.x.x is not the same as server y.y.y.y which I've not seen before.

生产者被配置为被动模式,根据TRACE级别的日志,这是启用的.(虽然错误消息听起来更像是与活动模式问题有关)

The producer is configured to be in passive mode, and according to the logs at TRACE level, this is enabled. (Although the error message sounds like it would relate more to an active mode issue)

y.y.y.y IP 地址是 nslookup 为目标域列出的 IP 地址之一,因此该位是有意义的.但是,xxxx IP 与不同的 Amazon 托管服务器相关,因此我推测已经执行了某种切换或负载平衡,而 FTP 客户端不喜欢这样.

The y.y.y.y IP address is one of those listed by nslookup for the target domain, so that bit makes sense. However, the x.x.x.x IP relates to a different Amazon hosting server, and so I presume some sort of hand-off or load-balancing has been performed, and the FTP client doesn't like that.

是否有某种方法可以配置 Camel FTP 以允许这样做(我假设这是一项安全功能),或者被动模式是否应该允许这样做?

Is there some way of configuring Camel FTP to allow this (I'm presuming this is a security feature), or should passive mode allow this anyway?

我对 ftp 服务器提供商没有任何影响,所以很遗憾,我只能更改客户端选项.

I have no influence with the ftp server provider, so unfortunately I can't change anything but my client options.

感谢收看!

推荐答案

经过一些挖掘和 grep Apache Commons FTP 的源代码,有问题的消息是由客户端中的验证引起的,该验证检查被动模式连接与初始服务器连接相同.

After some digging, and grepping the source code for Apache Commons FTP, the message in question is caused by a validation in the client which checks that the passive mode connection is the same as the initial server connection.

鉴于这似乎是一个负载平衡系统,被动模式数据连接是与目标 IP 不同的 IP,因此验证失败.

Given that this appears to be a load-balanced system, the passive mode data connection is a different IP from the target IP, and this fails the validation.

可以通过创建 FTPClient 的特定实例并关闭删除验证来使用 Camel FTP 修复它.

It can be fixed using Camel FTP by creating a specific instance of the FTPClient and setting remove verification off.

FTPClient ftp = new FTPClient();
ftp.setRemoteVerificationEnabled(false);
registry.put("FTPClient", ftp);

然后在 FTP 的 URI 中引用此对象

and then referencing this object in the URI for FTP

ftp://user@host:21/path?password=xxxx&passiveMode=true&tempPrefix=part.&ftpClient=#FTPClient

显然,通过禁用此远程验证测试,您会使自己更容易受到 FTP 数据被重定向或拦截以及您的数据被发送到您不希望的地方,但我想如果您担心您不会不使用仍然首先使用未加密的 FTP.

Clearly, by disabling this remote verification test you are making yourself more vulnerable to the FTP data being redirected or intercepted and your data being sent somewhere you didn't intend, but I guess if you're worried about that you wouldn't be using still be using unencrypted FTP in the first place.

相关文章