Linux上ftp成功而Solaris上失败的原因

在远端机房换了新的F5之后，就发现了一个奇怪的现象，向远端进行FTP的时候，LINUX环境可以顺利执行，而Solaris环境，FTP则没有响应。

对于Solaris环境下，FTP可以登陆成功，但是执行任何需要访问远端站点的操作，FTP会话就HANG住了，除非执行CTRL+C，否则不会自动退出：

bash-2.03$ uname -aITPUB个人空间6][n/wUMFN:k![(i6{)z5L
SunOS datat1 5.8 Generic_117350-46 sun4u sparc SUNW,Sun-Fire-480R
(vPF8D3|[@$g(X5[0bash-2.03$ ftp 172.0.2.60ITPUB个人空间1d#nH D;\4T
Connected to 172.0.2.60.
oN\nlx.g6[b0220 unknown FTP server (SunOS 5.8) ready.ITPUB个人空间&RNe;Y6u9n,`
Name (172.0.2.60:oracle): oracleITPUB个人空间)B jCxp"A|0H9V
331 Password required for oracle.ITPUB个人空间V"q_tmxy
Password:ITPUB个人空间t"gEp iu
230 User oracle logged in.
^.d%oZ#I?AO0ftp> ls
*twCH)K0200 PORT command successful.
+PB,W2a0K1A`C5ke3?0^CITPUB个人空间v"XA?(oa
421 Service not available, remote server has closed connection

而对于Linux环境而言，访问相同站点，同样的操作却没有任何的问题：

[oracle@bjtest data]$ uname -a
!V6Ah(G!Ke3T;NT0Linux bjtest 2.6.18-8.el5xen #1 SMP Tue Jun 5 23:53:34 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
Ff(e)dX.n0[oracle@bjtest data]$ ftp 172.0.2.60
Gr1e9~%w+^0Connected to 172.0.2.60.
/p8mA/?Y6Q(V!S0220 unknown FTP server (SunOS 5.8) ready.
s {(H(~3w}7o"A+z0500 'AUTH GSSAPI': command not understood.ITPUB个人空间 o.~9o5h+Iuk4?#?
500 'AUTH KERBEROS_V4': command not understood.
!`?5{*G*RJV J0KERBEROS_V4 rejected as an authentication typeITPUB个人空间.fB3`M.W.R{Z
Name (172.0.2.60:oracle): oracleITPUB个人空间A,K5J2nV3E0A
331 Password required for oracle.ITPUB个人空间-a0u3w6F
s
fm;c2{*O
Password:
`;w)i6t5St,v0230 User oracle logged in.
)dE3q~7T:Eo [0Remote system type is UNIX.ITPUB个人空间^*K)b7|)j`^#kj
Using binary mode to transfer files.ITPUB个人空间9s2w~w9}{}-~
ftp> lsITPUB个人空间Ty-V#cbK
227 Entering Passive Mode (172,0,2,60,129,247)ITPUB个人空间w,z[;p3W
150 ASCII data connection for /bin/ls (172.25.198.230,48588) (0 bytes).
\/`jLz0total 10284856ITPUB个人空间[n"V.ClE{ ~7W!t
drwxr-xr-x   8 oracle   dba         1536 Apr 29 16:51 .
9co]3W;~0drwxr-xr-x   5 root     other        512 Dec 19  2006 ..ITPUB个人空间fnd,[1{eExS"o
D8a#v
-rw-------   1 oracle   dba          102 May 21  2007 .XauthorityITPUB个人空间#w1IbWr+[:v&Xz
-rw-------   1 oracle   dba         7454 Jun 20 10:23 .bash_history
7O%j$M"q {y0-rw-r--r--   1 oracle   dba          321 May 22  2007 .profile
2l)q7E-PP-i:q7_8j0drwxr-xr-x   2 oracle   dba          512 May 21  2007 .vnc
d.y9q;E O:]Z p8\0-rw-r--r--   1 oracle   dba      917512192 Dec 13  2006 10gr2_db_sol.cpio
3I? ]G-}cs0.ITPUB个人空间k6D$yyC
p#u'}0^
.
9e;_G%G't7U0.ITPUB个人空间&Qt!K[-qr
-rw-r--r--   1 oracle   dba         4091 Mar 26 15:38 zxjy2008_20080326_from60_exp.log
JI8`g.zREY0226 ASCII Transfer complete.

为了定位问题的原因，在两个FTP会话连接后，都执行了一下STATUS命令：

ftp> quit
:`2l0i~!r6H-?d0bash-2.03$ ftp 172.0.2.60
/o
?AB
w'@P\{m)q0Connected to 172.0.2.60.ITPUB个人空间'Ae1NoX
220 unknown FTP server (SunOS 5.8) ready.
zUjQ2^(m0Name (172.0.2.60:oracle): oracle
_u/{#|^0331 Password required for oracle.ITPUB个人空间V[ Rjn;r
Password:ITPUB个人空间 B$x(ilN1s#S&C\
230 User oracle logged in.ITPUB个人空间Z-f
~aN~w4D
ftp> status
"N:A!u*x U oM0Connected to 172.0.2.60.ITPUB个人空间3p$c3o*{4~"H
No proxy connection.ITPUB个人空间jBd!s Km:{3^VjH
Mode: stream; Type: ascii; Form. non-print; Structure: fileITPUB个人空间n+oT^mQ2z:@G
Verbose: on; Bell: off; Prompting: on; Globbing: onITPUB个人空间}r4u!j4n:U4~0Ti ]
Store unique: off; Receive unique: off
D!Qt Au)o-}0Case: off; CR stripping: on
e(w3Y w%[tQ2?0Ntrans: offITPUB个人空间5k'cg7XK,O
Nmap: off
.hB@4|;DSyv}f0Hash mark printing: off; Use of PORT cmds: on

上面的是Solaris下ftp的status状态，而下面是Linux下ftp的status状态：

ftp> statusITPUB个人空间$|.}yEmL7[
Connected to 172.0.2.60.
3E3o0y-X6M CL9ZR|P0Control Channel Protection Level: clear
#oWBk K x\^!`I0Data Channel Protection Level: clearITPUB个人空间,g8l WCNt0r Y
Passive mode onITPUB个人空间V{9E$y9d!}3}
Mode: stream; Type: binary; Form. non-print; Structure: fileITPUB个人空间i;anXu!vS'o;v)X
Store unique: off; Receive unique: offITPUB个人空间3~
h
qHD9p.Tc#O
Case: off; CR stripping: onITPUB个人空间#Rh'^:rE+~'m t
Ntrans: offITPUB个人空间1iD y+t;\7O$K\&p
Nmap: off
-g4X[ko3cA$zS0No proxy connection.
}fj6C^'En0Hash mark printing: off; Use of PORT cmds: onITPUB个人空间x{y#am
Verbose: on; Bell: off; Prompting: on; Globbing: on

对比二者的差别，最终发现，Linux环境下的ftp的PASSIVE模式为ON，通过查看FTP的在线文档，可以看到设置PASSIVE模式为ON，可以用来访问防火墙之后的主机，而这正是当前的情况。

passiveITPUB个人空间f{7FkW
^4Pp8^0x
     Toggle  passive  data  transfer  mode off.  In passive mode, the client initiates the data connection by connecting to the data port.  Passive mode is often necessary for operation from behind firewalls  which do  not  permit  incoming connections, but may need to be disabled if you connect to an FTP server which does not support passive operation.

由于Solaris的版本比较低，因此没有这个选项，不过在Solaris 10中，FTP已经有这个选项了：

$ uname -a
HN.|KX'p-zH\0SunOS ahrac1 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V490ITPUB个人空间2br(eO&Xz;sT/[,b
$ ftp 172.0.2.60
pg;[2x8V yC0Connected to 172.0.2.60.
/n'j!G\ M;Yd0220 unknown FTP server (SunOS 5.8) ready.
W:u)Qs.w1P0Name (172.0.2.60:root): oracle
KV)gC4b h4F0331 Password required for oracle.ITPUB个人空间H P)T\(t7N*lLq3Q
Password:ITPUB个人空间5~fZau ni%r
230 User oracle logged in.ITPUB个人空间V-SX3iPk a
Remote system type is UNIX.
?0CO`VRhw0Using binary mode to transfer files.
l ^/N nq.V0ftp> statusITPUB个人空间Y)elm)x
Connected to 172.0.2.60.
0y9m8u3Pi%kZP0No proxy connection.
a0[8~ Z9sz }}9f&^$j4z0Not authenticated.ITPUB个人空间~%E%jB5rivz
Mechanism: kerberos_v5
RS:sD;J0Autoauth: off; Autologin: onITPUB个人空间-iBo0L+W6z
Control Channel Protection Level: clear
3z&] gg:w$A i0Data Channel Protection Level: clearITPUB个人空间v*L)E't.`ohc
Passive mode: off.
9g_e0Oc0Mode: stream; Type: binary; Form. non-print; Structure: file
#`8I5l,}*S0Verbose: on; Bell: off; Prompting: on; Globbing: on
t0x"Q\-b0Store unique: off; Receive unique: offITPUB个人空间|:^L"y%]C:Qf4i U3[
Case: off; CR stripping: on
H%C'f3oG#i;Q&O.N0Ntrans: off
'u h:f&c#f!b4{^0Nmap: offITPUB个人空间#jTG(G{D-NK
Hash mark printing: off; Use of PORT cmds: on