1. Test topology:

R2 (FTP client, 202.100.1.2/24) ------------------- (202.100.1.2/24) R1 (10.1.1.1/24) --------------------- (10.1.1.18/24) FTP server

Reference link:

2. Test objective: through testing, understand the two FTP modes, passive mode and active mode.

A. Passive mode:
 command: Client (source port > tcp 1024) ------> FTP server (destination port tcp 21)
 data:    Client (destination port > tcp 1024) ------> FTP server (source port > tcp 1024)

B. Active mode:
 command: Client (source port > tcp 1024) ------> FTP server (destination port tcp 21)
 data:    Client (destination port > tcp 1024) <------ FTP server (source port tcp 20)

3. Basic configuration:

A. R1:
config t
interface Ethernet0/0
 ip address 202.100.1.1 255.255.255.0
 no shutdown
interface Ethernet0/1
 ip address 10.1.1.1 255.255.255.0
 no shutdown

B. R2:
config t
interface Ethernet0/0
 ip address 202.100.1.2 255.255.255.0
 no shutdown

C. FTP server:
IP: 10.1.1.18/25
GW: 10.1.1.1

4. PAT configuration on R1:

A. First configure only static PAT:
config t
interface Ethernet0/0
 ip nat outside
interface Ethernet0/1
 ip nat inside
ip nat inside source static tcp 10.1.1.18 21 interface e0/0 21

B. View the static PAT entry:
R1#show ip nat translations
Pro Inside global      Inside local       Outside local        Outside global
tcp 202.100.1.1:21     10.1.1.18:21       ---                  ---

5. FTP access tests:

① FTP passive mode test

A. Configure R2, the FTP client, for passive mode:
config t
ip ftp passive
----Note: Cisco routers use passive mode by default, so this command does not need to be typed.

B. Configure the FTP username and password on R2:
config t
ip ftp username xll
ip ftp password 1234qwer

C. R2, as the client, copies the file successfully:
R2#copy ftp://202.100.1.1 flash:
Address or name of remote host [202.100.1.1]?
Source filename [watch.sh]?
Destination filename [watch.sh]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing ftp://202.100.1.1/watch.sh...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading watch.sh !
[OK - 986/4096 bytes]
Verifying checksum...  OK (0xE972)
986 bytes copied in 7.492 secs (132 bytes/sec)

D. While the copy is in progress, view the NAT translations on R1:
R1#show ip nat translations
Pro Inside global      Inside local       Outside local        Outside global
tcp 202.100.1.1:21     10.1.1.18:21       202.100.1.2:30662    202.100.1.2:30662
tcp 202.100.1.1:21     10.1.1.18:21       202.100.1.2:35984    202.100.1.2:35984
tcp 202.100.1.1:21     10.1.1.18:21       202.100.1.2:46087    202.100.1.2:46087
tcp 202.100.1.1:21     10.1.1.18:21       202.100.1.2:48529    202.100.1.2:48529
tcp 202.100.1.1:21     10.1.1.18:21       ---                  ---
tcp 202.100.1.1:1576   10.1.1.18:1576     202.100.1.2:28656    202.100.1.2:28656
tcp 202.100.1.1:1577   10.1.1.18:1577     202.100.1.2:30584    202.100.1.2:30584
tcp 202.100.1.1:1578   10.1.1.18:1578     202.100.1.2:48461    202.100.1.2:48461
-----This shows that because the outside mapping uses port 21, IOS recognizes it as the FTP control port, inspects the FTP control traffic, finds the data port that the server announces to the client, and adds the corresponding mapping automatically.

② FTP active mode test

A. Configure R2, the FTP client, for active mode:
config t
no ip ftp passive

B. Configure the FTP username and password on R2: same as the previous step.

C. R2, as the client, attempts to copy the file:
R2#debug ip ftp
*Mar 1 01:00:05.831: %SYS-5-CONFIG_I: Configured from console by console
R2#copy ftp://202.100.1.1 flash:
Address or name of remote host [202.100.1.1]?
Source filename [watch.sh]?
Destination filename [watch.sh]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing ftp://202.100.1.1/watch.sh...
*Mar 1 01:00:14.627: FTP: 220 3Com 3CDaemon FTP Server Version 2.0
*Mar 1 01:00:14.627: FTP: ---> USER xll
*Mar 1 01:00:15.211: FTP: 331 User name ok, need password
*Mar 1 01:00:15.215: FTP: ---> PASS 1234qwer
*Mar 1 01:00:15.759: FTP: 230 User logged in
*Mar 1 01:00:15.759: FTP: ---> TYPE I
*Mar 1 01:00:16.211: FTP: 200 Type set to I.
*Mar 1 01:00:16.211: FTP: ---> PORT 202,100,1,2,68,45
*Mar 1 01:00:16.759: FTP: 200 PORT command successful.
*Mar 1 01:00:16.763: FTP: ---> RETR watch.sh
*Mar 1 01:00:17.183: FTP: 150 File status OK ; about to open data connection
----The transfer stalls at the data-connection stage. If you capture with Wireshark at this point, you can see packets with source address 10.1.1.18 and source port tcp 20 arriving at R2; because R2 cannot reach 10.1.1.18 (it has no route), the data connection cannot be established.
---Below is the capture from debugging enabled on R2 beforehand:
R2#debug ip tcp packet port 20
R2#
*Mar 1 00:25:18.959: %SYS-5-CONFIG_I: Configured from console by vty1 (202.100.1.1)
R2#
*Mar 1 00:25:39.103: tcp0: I LISTEN 10.1.1.18:20 202.100.1.2:25901 seq 1802999574 OPTS 24 SYN WIN 65535
R2#
*Mar 1 00:25:42.131: tcp0: I LISTEN 10.1.1.18:20 202.100.1.2:25901 seq 1802999574 OPTS 24 SYN WIN 65535
R2#
*Mar 1 00:25:48.151: tcp0: I LISTEN 10.1.1.18:20 202.100.1.2:25901 seq 1802999574 OPTS 24 SYN WIN 65535
---At this point the console is hung, and the only option is to reboot the router.

D. Configure dynamic PAT on R1:
configure t
access-list 10 permit 10.1.1.0 0.0.0.255
ip nat inside source list 10 interface ethernet 0/0 overload

E. Copy the file again; this time it succeeds:
R2#copy ftp://202.100.1.1 flash:
Source filename []? watch.sh
Destination filename [watch.sh]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing ftp://202.100.1.1/watch.sh...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading watch.sh !
[OK - 986/4096 bytes]
Verifying checksum...  OK (0xE972)
986 bytes copied in 7.704 secs (128 bytes/sec)
R2#
----The tcp 20 capture on R2 shows that the TCP three-way handshake is initiated by the FTP server:
R2#debug ip tcp packet port 20
TCP Packet debugging is on for port number 20
*Mar 1 00:57:00.967: tcp0: I LISTEN 202.100.1.1:20 202.100.1.2:21993 seq 84304373 OPTS 24 SYN WIN 65535
*Mar 1 00:57:00.971: tcp0: O SYNRCVD 202.100.1.1:20 202.100.1.2:21993 seq 2180803741 OPTS 4 ACK 84304374 SYN WIN 8192
*Mar 1 00:57:01.035: tcp0: I SYNRCVD 202.100.1.1:20 202.100.1.2:21993 seq 84304374 ACK 2180803742 WIN 65535
*Mar 1 00:57:01.039: tcp0: I ESTAB 202.100.1.1:20 202.100.1.2:21993 seq 84304374 DATA 986 ACK 2180803742 PSH WIN 65535
*Mar 1 00:57:01.043: tcp0: I ESTAB 202.100.1.1:20 202.100.1.2:21993 seq 84305360 ACK 2180803742 FIN WIN 65535
---Viewing the complete FTP exchange on the router with debug ip ftp shows that whether the client uses active mode depends on whether it sends a PASV command.

6. Changing the FTP port:
If the FTP server's port is changed to 2121 and the static NAT on the router is configured as follows:
ip nat inside source static tcp 10.1.1.18 2121 interface Ethernet0/0 21
then an FTP client connecting to the server in active mode works without problems, but in passive mode the client fails to connect to the server's data port, because R1, as the NAT device, does not create the temporary static PAT entry. R1 therefore has to be told which port the FTP server uses:
access-list 20 permit 10.1.1.18
ip nat service list 20 ftp tcp port 2121
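The control-channel inspection behind the automatic data-port mappings in step 5 and the port-2121 failure in step 6 can be modelled in a few lines. This is an added example, not part of the original lab notes and not Cisco's code: it decodes the h1,h2,h3,h4,p1,p2 fields of a PORT command or a 227 reply, and models how a NAT FTP ALG rewrites a server's 227 reply and adds the matching data-port mapping only when the control session runs on a port the ALG treats as FTP. The sample messages are constructed (the PASV reply is chosen to yield port 1576, the first data mapping seen in the lab output), and the function names are my own.

```python
import re

# Constructed sample messages, not captured from the lab. Both carry the RFC 959
# h1,h2,h3,h4,p1,p2 encoding of an address and port.
SAMPLE_PORT = "PORT 202,100,1,2,68,45"                      # client -> server (active mode)
SAMPLE_PASV = "227 Entering Passive Mode (10,1,1,18,6,40)"  # server -> client (passive mode)

HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(msg):
    """Return (ip, port) from a PORT command or 227 reply, with port = p1*256 + p2.
    Returns None if the line carries no such field or any field exceeds 255."""
    m = HOSTPORT_RE.search(msg)
    if not m:
        return None
    f = [int(x) for x in m.groups()]
    if any(v > 255 for v in f):
        return None  # malformed field: refuse rather than guess
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]

def encode_hostport(ip, port):
    """Inverse of decode_hostport; used when the ALG rewrites a 227 reply."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])

def alg_rewrite_pasv(reply, server_ctrl_port, inside_local, inside_global, ftp_ports=(21,)):
    """Model of a NAT FTP ALG handling a server's 227 reply as it leaves the inside.
    If the control session runs on a port the ALG treats as FTP (the default 21 plus
    whatever 'ip nat service list ... ftp tcp port N' adds), return the reply rewritten
    to carry the inside-global address, plus the data-port mapping
    (inside_global, port, inside_local, port) created for the client's next connection.
    Otherwise the reply passes through unchanged, still carrying the private address,
    and no mapping is created: the passive-mode failure seen with a server on 2121
    when NAT has not been told about that port."""
    if server_ctrl_port not in ftp_ports or not reply.startswith("227"):
        return reply, None
    hp = decode_hostport(reply)
    if hp is None or hp[0] != inside_local:
        return reply, None
    ip, port = hp
    rewritten = reply.replace(encode_hostport(ip, port), encode_hostport(inside_global, port))
    return rewritten, (inside_global, port, inside_local, port)

if __name__ == "__main__":
    print(decode_hostport(SAMPLE_PORT))  # ('202.100.1.2', 17453)
    for ctrl_port, known in ((21, (21,)), (2121, (21,)), (2121, (21, 2121))):
        print(ctrl_port, known,
              alg_rewrite_pasv(SAMPLE_PASV, ctrl_port, "10.1.1.18", "202.100.1.1", known))
```

The second loop iteration shows the untouched 227 reply and the missing mapping that step 6 describes; the third shows the effect of adding 2121 to the ALG's port list.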