Setting Up External Access to Your Server - FTP Protocol
Note: The following information specifically pertains to the FTP protocol. SSH SFTP and HTTP/S operate differently.
Connecting your FTP server to the internet for external access may require configuring your router or firewall, depending on your internet connection. FTP communication involves two connections - a control connection and a data connection, and special attention is needed to ensure their successful establishment.
Control Connection: The initial connection made with an FTP server is the control connection. It allows clients to connect, send commands, and receive server responses. The default port for the control connection is 21, but Cerberus FTP Server can be configured to listen on any free port. If a software-based firewall is in use, it's crucial to confirm that incoming connections are not blocked on the chosen control connection port.
Data Connection: The data connection, where file listings and transfers occur, often poses challenges for FTP server administrators. Two methods govern data connection establishment: active mode FTP and passive mode FTP.
-
Active Mode FTP: In this mode, the client informs the FTP server of its IP address and the port it's listening on for data connections using the PORT command. It's essential to ensure port 20 on the machine running Cerberus FTP Server is open for outgoing connections.
-
Passive Mode FTP: This mode addresses firewall issues by having the client connect to the FTP server on a port communicated via the PASV command. Administrators need to open the range of ports reserved for passive FTP connections in the firewall. Configuration options for passive FTP mode can be found in the 'Advanced' section of the Server Manager.
Failures during LIST, NLST, MLST, RETR, or STOR operations often trace back to data connection issues.
Common Network Configurations:
Configuration 1: Direct Internet Connection
- Simplest setup, common with dial-up, DSL, cable modem, and broadband users.
- May use a software firewall, requiring manual configuration to allow FTP server access.
Configuration 2: Router Connection to the Internet
- Routers, acting as firewalls, may encounter similar problems as Configuration 1.
- Firewall configurations need attention.
- The router's IP address should be used for FTP connections, forwarding control and data connection ports.
Note: Ensure "WAN IP Autodetection" is enabled in the 'General' tab of the Server Manager or manually enter the router's IP for passive mode.
While more complex network configurations are possible, most users fall into one of the above configurations.
Comments
0 comments
Please sign in to leave a comment.