Experiencing the impact of VMware NAT on an application-layer protocol (configuring an FTP server on a guest machine)

Source: Internet
Author: User

Do not ask me why I want to configure an FTP server on the guest machine under VMware, but I do need to do so. Obviously, port forwarding is required. Set forwarding from 21 to 21 in the virtual network settings. Done.

At this point a problem arises: what about the FTP passive-mode ports? First, the difference between passive and active mode. Both terms describe the server's behaviour. After the client connects to port 21 of the server and establishes the command connection, data transfer relies on a second TCP connection, and establishing that connection is the complicated part. Passive means the server (passively) opens a listener on a high port and waits for the client to connect to it. Active means the client opens a port and asks the server to (actively) connect to it. Obviously the latter sounds strange: since when does a server initiate connections? What if the client is behind NAT or a firewall? So passive mode is generally preferable; it demands little of the client's network environment. However, passive mode demands a lot of the server's network environment: it must allow inbound connections not only on port 21 but on a whole group of high ports.

So I set out to configure forwarding for these inbound connections in VMware. (This process leads to a tragic result; if you do not want to follow it, jump to the conclusion.)

(Disable the firewall before debugging to rule out interference.)

On the guest machine, start the FTP server, set the listening port to 21 and set the passive-mode port range to 50000-50100.

Naturally, VMware NAT has to forward 50000-50100 as well. The tragedy is that its forwarding rules can only be added one port at a time (how unscientific)! Grumbling, I added 21 of them, 50000-50020, to get started. At the same time, the passive-mode setting requires the IP address that clients connect to; obviously this must be the Internet IP address of the NAT, since how could anyone on the Internet connect to the intranet address?

Then I connected with a client on an Internet computer. The command connection was fine, but after entering passive mode the server claimed to open [Internet IP:50000], while what the client received was [Internet IP:50541]. Obviously the latter port is random and not forwarded by NAT, so how could the FTP server ever receive the connection? I tried n times with the same result. Is this a NAT problem?

The common problems mentioned in the article "VMware Workstation setting up FTP servers and using PASV mode" are similar, and the solution it offers is not to use the default 21-to-21 mapping but to create a mapping from Internet port 21 to intranet port 20021. So I did that. Hey, the port number is no longer tampered with, and it works straight away!

But, being a perfectionist, I am still dissatisfied with the status quo (doubts):

Why must I map 21 to 20021? Why does the 21-to-21 mapping mangle my data? Is it because VMware's NAT is so dumb that it does not support port-range forwarding? (Even TP-Link routers support that.) Can anyone explain this clearly??? While I was struggling, I saw the article "active and passive FTP NAT" mention:

IP address resources in China are too scarce. In many cases the FTP session passes through NAT, gateways and firewalls, and the IP information in PORT/PASV may not be correct. For example, if the client's IP address is 192.168.0.107 but the client reaches the Internet through NAT whose Internet address is 218.2.135.1, the PORT command sent by the client contains 192,168,0,107,xx,yy, which is meaningless to the server. Fortunately, NAT devices and firewalls generally have FTP application-layer awareness: they can intercept PORT/PASV in FTP sessions, automatically translate private IP addresses into the correct external IP addresses, and enable temporary port forwarding on the NAT in real time. In the example it is translated into 218,2,135,1,xx,yy. Therefore FTP can work normally.

Whoa, NAT is that smart? Without you configuring anything, it sets up the forwarding for you...

Thinking back to the port-tampering event I encountered earlier, and the fact that changing the mapped port to 20021 made it go away, this must have a lot to do with NAT.

Conclusion

VMware's NAT is extremely intelligent. It can perceive application-layer data and implements passive mode for you in a foolproof way.

Trigger condition:

NAT forwarding rule from 21 to 21: this tells NAT that you are running an FTP service. (As soon as the port on either end is changed, the rule no longer applies; this explains question 1.)

Working principle:

It inspects FTP application-layer data. When 192,168,0,107,xx,yy is sent, it is automatically changed to [Internet IP],zz,ww, and port forwarding from Internet port (zz,ww) to intranet port (xx,yy) is established.
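To make the mechanism concrete, here is an added model (not the post's or VMware's code) of the FTP application-layer gateway behaviour described in the quoted passage and in the working principle above. The public address 218.2.135.1 and the host 192.168.0.107 are the post's example values, the first external port 50541 is the one the author observed, and the assumption that the gateway engages only for a 21-to-21 rule is taken from the post.

```python
import re

SIX = r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"
PASV_RE = re.compile(r"^227 .*\(" + SIX + r"\)")   # server reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PORT_RE = re.compile(r"^PORT " + SIX + r"\s*$")     # client command: PORT h1,h2,h3,h4,p1,p2


def decode_hostport(fields):
    """FTP carries host and port as six decimal bytes; port = p1*256 + p2."""
    h1, h2, h3, h4, p1, p2 = (int(x) for x in fields)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def encode_hostport(ip, port):
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


class FtpAlg:
    """Model of an FTP ALG on a NAT box (constructed for this example).

    inside_ip is the host behind the NAT (the guest for 227 replies, the client
    for PORT commands); the NAT knows it from the TCP session, so the address
    advertised inside the payload is ignored, exactly as the post observed when
    the guest advertised the Internet IP and NAT still forwarded to the guest.
    Assumption from the post: the ALG engages only when the rule is 21 -> 21."""

    def __init__(self, public_ip, inside_ip, ext_port=21, int_port=21, first_ext_port=50541):
        self.public_ip, self.inside_ip = public_ip, inside_ip
        self.engaged = (ext_port == 21 and int_port == 21)
        self.next_ext_port = first_ext_port
        self.forwards = {}  # external port -> (inside ip, inside port), created on the fly

    def _translate(self, fields):
        _advertised_ip, inside_port = decode_hostport(fields)
        ext = self.next_ext_port            # temporary port forwarding, opened in real time
        self.next_ext_port += 1
        self.forwards[ext] = (self.inside_ip, inside_port)
        return encode_hostport(self.public_ip, ext)

    def rewrite(self, line):
        """Rewrite one control-channel line; unchanged when not engaged or no endpoint in it."""
        if not self.engaged:
            return line
        m = PASV_RE.match(line) or PORT_RE.match(line)
        if not m:
            return line
        return line.replace(",".join(m.groups()), self._translate(m.groups()), 1)
```

With the 21-to-20021 rule the same object leaves every line untouched, which is why the author's manual passive-range forwarding became necessary in that configuration.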

Solution (correct configuration):

For VMware, you only need to configure port forwarding from port 21 to port 21. For the FTP server in the guest, when setting passive mode, the IP address that clients connect to must be the intranet IP address (or leave the default), and you do not need to specify the passive-mode port range manually. After the server enters passive mode it tells the client to open [intranet IP:some port]; NAT automatically changes this sentence to [Internet IP:another port] and sets up the mapping by itself. This is why port-range forwarding is not needed with VMware NAT: it has no use for the feature, so it does not provide it (which shows TP-Link is not so intelligent after all? Question 2 is now answered).

(So all my previous settings were in vain. VMware provides a very foolproof solution, but I did not know it, and my manual settings simply got in the way of it. So either map 21 to 21 and let VMware handle everything, or set a non-default port such as 20021 and configure the passive-mode range one port at a time!)

As for question 3: any knowledge and experience comes from accumulated learning or practice. I could say that I had no time to read the VMware manual and had to squeeze out time to solve these problems, but the one who gets hurt is only yourself. Isn't it great to spend two hours solving a problem and figuring out what is really going on?

Solving computer problems has a snowball effect: the more knowledge you have (especially of the principles), the faster problems get solved. Be confident that every problem can be solved; it just takes a long time......

(Finally, remember to re-enable the firewall and open the port range that NAT may use, which should be 50000 or above; here it is 51000-52000.)
