Professional Documents
Culture Documents
FTP functions on a client-server model. The server hosts the files to be shared and
the client provides the interface to access, download, or upload files to the file
server. The computers transferring the files can be within the same network where
the FTP server is configured, as well as outside the network (over the internet). FTP
uses two ports, one for connection and one for sending data.
FTP can run in two modes: active and passive. And, it uses two channels between
the client and server: the command channel and the data channel. The command
channel is for sending the commands and responses, and the data channel is for
sending the actual data. As for active and passive modes , in active mode, the client
launches the command channel, and the server establishes the data channel. In
passive mode, both the command and data channels are established by the client.
Most organizations prefer passive mode. In this mode, the client initiates both
channels; therefore, the organization has little or no alterations to make on the client
firewall. The connection is from the client to the server, and the data will be return
traffic to the client. Overall, organizations can allow their users (clients) to connect to
FTP servers without compromising network security.
Primarily, the command channel is opened by the client to the FTP server on port 21.
The client also opens two random, unprivileged ports on the client (typically a port
greater than 1023). We’ll call the first port P and the second port P+1. The FTP client
initiates the connection to the server by sending a PASV command. The client
connects to the server from port P to server port 21 with the PASV command. The
server then opens another unprivileged port Q (any port greater than 1023) and
sends the port information back as a reply to the PASV command. Now the client
initiates the connection from port P+1 to port Q on the server to start the data
transfer.
Steps:
1. The client contacts the server using the PASV command on port 21.
2. The server replies using port 2000. Here, port 2000 is the port the server will
be listening to for the data connection.
3. The client initiates the connection from port 1025 to 2000 (on the server).
4. The server sends back the ACK (acknowledgement).
Server side: Port 21 should be open, as it receives the PASV command for initiating
the connection. The port used by the server to respond to the client can be anything
between Port 22 to 1022. Because the FTP server specifies a random port (anything
greater than 1023), those ports should be open for communication.
Prerequisites
o FTP depends on IIS (Internet Information Services). Both IIS and FTP
services should be installed for the configuration of the FTP server.
o A root folder is required for FTP publishing. The folder can be created under:
%SystemDrive%\ftp\ftproot
o Next, you need to set permissions to allow anonymous access to the folder.
Use the following command on a CMD prompt to grant access:
Or the path to the root folder should be set as the path for your FTP site. Even the
software firewall (like Windows firewall or Symantec) should allow connections to the
FTP server.
1. Navigate to Start > Control Panel > Administrative Tools > Server Manager in
Windows Server Manager.
2. Go to Roles node. Right-click on Roles and click Add Roles.
3. In the Add Roles window, open Server Roles and check Web Server (IIS).
4. Proceed through the setup wizard and click Install. Wait for the installation to
complete.
Enabling FTP in Windows if IIS is already installed as a
web server
1. Navigate to Start > Control Panel > Administrative Tools > Server
Manager.
2. In the Windows Server Manager, go to Roles node, and expand Web Server
(IIS) .
3. Right-click on Web Server (IIS) , and click on Add Role
Services .
4. In the Add Role Services window, go to Roles Services , and check FTP
Server .
5. Confirm IIS Management Console is checked under Management Tools .
6. Click Next , then Install , and wait for the installation to complete.
Transferring files
To transfer files, you should add an FTP site. Once the FTP site is enabled, clients
can transfer to and from the site using the FTP protocol.
5. In the Binding and SSL Settings window, type the IP address of the server.
Check the Start FTP Site Automatically option. Choose SSL Based on
Constraint . Click Next .
6. Now, select Basic for authentication.
7. Click Finish . Now, the FTP site creation is complete.
Under Authorization , you can select All Users to allow FTP access to all users
from the domain. Also, check both Read and Write under Permissions Based on
Requirement .