Configuring Listener Settings
A listener is simply an IP address, port, and protocol combination that the server is accepting connections on. For example, you can add an FTP listener on port 21 and attach it to an IP address. It can be an IPv4 or IPv6 address. The “Default” listeners represent the settings that will be applied to newly detected listeners. There are several different parameters that each listener can have:
Types of Listeners
There are five types of listeners that you can add to an IP address: FTP, FTPS, SSH2 SFTP, HTTP, and HTTPS.
The first two allow regular FTP as well as different forms of secure FTP while the SSH2 SFTP listener is for establishing connections over the SFTP protocol (a completely different protocol from FTP, despite the similar name). The HTTP and HTTPS listeners allow web client connections to the server using either the unsecure HTTP protocol or encrypted HTTPS protocol.
There are two types of secure FTP connections possible, FTPS and FTPES. FTPS is usually referred to as implicit FTP with TLS/SSL security. Its closest analog is HTTPS. It is basically the FTP protocol over a TLS/SSL secured connection. This form of secure FTP is deprecated but widely supported and still in use. This is what a Cerberus FTP Server FTPS listener is for and this type of listener typically listens on port 990. Note, the settings “Require Secure Control” and “Require Secure Data” are meaningless for this type of listener. Connections established to an FTPS listener can only be established securely.
FTPES, which is often referred to as explicit FTP with TLS/SSL security, is a modification of the FTP protocol that starts out over an insecure, normal FTP connection and is then upgraded to a secure connection through FTP command extensions during login. This is the preferred method of secure FTP because it allows SPI firewalls to know that there is FTP traffic occurring on the connection. You establish FTPES sessions using a normal Cerberus FTP Server FTP listener, typically over port 21. Both unencrypted FTP and explicit TLS/SSL connections can be established to this type of listener. You cannot establish an implicit FTPS connection over this type of listener.
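An added example, not part of the Cerberus documentation: because an FTP listener accepts both unencrypted and explicit TLS sessions, this Python check shows from the client side whether a listener you administer still lets a login begin in cleartext, which is the exposure “Require Secure Control” is meant to close. The probe user name is a constructed placeholder, and treating replies 230/331/332 as "accepted" is this example's assumption about FTP servers in general, not documented Cerberus behavior.

```python
import socket

ACCEPTED = {230, 331, 332}  # USER replies that let a cleartext login proceed

def _line(f):
    raw = f.readline()
    if not raw:
        raise ConnectionError("server closed the connection")
    return raw.decode("ascii", "replace").rstrip("\r\n")

def read_reply(f):
    """Read one FTP reply, including the 'NNN-' multi-line form; return (code, text)."""
    lines = [_line(f)]
    code = lines[0][:3]
    if not code.isdigit():
        raise ValueError("not an FTP reply: %r" % lines[0])
    if lines[0][3:4] == "-":
        # A multi-line reply ends at the first line that starts with "NNN ".
        while not lines[-1].startswith(code + " "):
            lines.append(_line(f))
    return int(code), "\n".join(lines)

def probe_stream(sock, user="listener-audit"):
    """Send USER without AUTH TLS on a connected socket and classify the reply.

    No PASS command is ever sent, so no credential crosses the wire.
    """
    f = sock.makefile("rwb")
    banner_code, _ = read_reply(f)
    if banner_code != 220:
        raise ValueError("unexpected greeting code %d" % banner_code)
    f.write(b"USER " + user.encode("ascii") + b"\r\n")
    f.flush()
    user_code, user_text = read_reply(f)
    f.write(b"QUIT\r\n")
    f.flush()
    # A 331 here means a real client would now send its password in cleartext,
    # even if the server went on to reject the login at PASS.
    return {"user_code": user_code, "user_text": user_text,
            "plaintext_login_accepted": user_code in ACCEPTED}

def probe_plaintext_login(host, port=21, timeout=5.0):
    """Connect to an explicit-FTP listener you administer and run probe_stream."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_stream(sock)

if __name__ == "__main__":
    import sys
    print(probe_plaintext_login(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 21))
```

A result with `plaintext_login_accepted` set to `True` on a listener that should be TLS-only means the secure-control requirement is not being enforced on that IP/port combination.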
Adding a New Listener
Cerberus FTP Server supports adding multiple listeners for a given IP address. This allows you to have Cerberus accepting connections from different protocols on multiple ports. The only requirement is that each listener is on a unique IP/port combination. You can add FTP, FTPS (for implicit secure FTP only), SSH2 SFTP, HTTP or HTTPS listeners.
Select the “plus” icon next to the listener list box to add a new listener. A new dialog box will appear to ask for the listener details (listener IP, type, and port combination). Selecting the “X” icon will prompt you to delete the selected listener.
|Listen Port||This setting is the port that this listener will listen on for connections. For FTP, this is the control connection port.|
|Max Connections||This setting determines the maximum number of simultaneous connections that can connect to this listener.|
|Require Secure Control||(Applies to FTP only) If enabled, only secure control connections will be allowed. This is required to protect passwords from compromise on unsecured networks with FTP.|
|Require Secure Data||(Applies to FTP only) If enabled, only secure data connections will be allowed. All directory listings and file transfers will be required to be encrypted.|
|Don’t Use External IP for Passive connections||If this option is checked, Cerberus will always use the internal IP address when the incoming connection originates on the local network.|
|Passive IP Options||
|Show Welcome Message||If checked, the server will send a welcome message during user login for FTP/S, SSH SFTP, and the HTTP/S web client (note that some FTP and SFTP clients won’t display the welcome message).|
|Allow User Updates||(Applies to HTTP/S only) If checked, the user will be allowed to update his or her personal account information (first name, last name, email, or telephone number) through the HTTP/S web client.|
|Allow Web Account Requests||(Applies to HTTP/S only) If checked, users can request new accounts through the HTTP/S web client.|
|Allow Web Password Resets||(Applies to HTTP/S only) If checked, users can request a reset of their password through the HTTP/S web client. Several constraints must be met for the password reset feature to be active for a user account. The user must have an email address configured on their account, and the user must have previously selected and answered two security questions to be associated with their account. Finally, the administrator must have an SMTP server defined for sending emails.|
|Company Name||(Applies to HTTP/S only) The company name to display in the web client page title.|
|Logo Image||(Applies to HTTP/S only) The logo image to display in the web client header. This image’s dimensions should be 230 by 70. The image format should be one that is supported by all web browsers. We recommend PNG, GIF, or JPEG.|
|Login Image||(Applies to HTTP/S only) The image to display on the web client login page. This image’s dimensions should be 70 by 70. The image format should be one that is supported by all web browsers. We recommend PNG, GIF, or JPEG.|
|Default Web Directory List Count||(Applies to HTTP/S only) The default number of entries that appear in the web client file list.|
|Show Timezone on Dates||(Applies to HTTP/S only) Toggles displaying timezone information for files and directories in the web client.|
|Display Local Time||(Applies to HTTP/S only) Toggles between displaying server local time or UTC time for files and directories in the web client.|
|Configure CAPTCHA||(Applies to HTTP/S only) Configures Google reCAPTCHA for the web client login and web requests pages.|
|Redirect requests to HTTP/S listener||(Applies to HTTP only) Any requests that come in over this HTTP listener will be redirected to the same address using HTTPS.|
|Do Not Store created Zip Files on Server||(Applies to HTTP only) Disallow zip file creation on the server. This removes the checkbox on the zip selected item dialog. With this option enabled, users cannot save the zip file onto the file server.|
|Hide User Account Settings||(Applies to HTTP only) Removes access to the Account page for end-users on the Web Client. By default, Anonymous Web-client end users do not have access to the Account page.|
The “Default” Listeners
There is a Default listener for each type of listener (FTP, implicit FTPS, SFTP, HTTP, and HTTPS). When a new listener (IP address) is detected, that listener will receive an FTP, FTPS, and SFTP listener and each of those listeners will be assigned the values of the appropriate “Default” listener at the time of detection. For example, if the “Default FTP” listener was defined to be on port 21, then when a new listener is detected for the first time it will receive an FTP listener on port 21 with the values of the Default FTP listener. Those settings then become the settings for the newly detected listener. Note that the new listener’s settings are not linked to the “Default” listener in any way. The “Default” listener simply represents the values that newly detected listeners will be initialized with. Changing the values of the “Default” listener does not change any values on existing or previously detected listeners.
For example, when you first install Cerberus FTP Server, the “Default FTP” listener is set to port 21 (the default FTP listening port) and all listeners detected during that first start will receive FTP listeners with that port value. If you later change the “Default FTP” listener settings then that change will have no effect on existing listeners.
It is also worth noting that Cerberus remembers the settings for listeners that were previously detected but might have changed. For servers that have dynamic addresses that constantly change or cycle between a range of addresses, Cerberus will “remember” the old values and apply those instead of the “Default” settings if that listener address is later detected again.
Listener Status Controls
Listeners can also be enabled or disabled from the main Cerberus FTP Server user interface:
Select a listener and right-click. Click the Enable/Disable menu item to toggle enabling or disabling a listener. Disabled listeners will no longer accept connections.