Home
About Me!
Projects
Research
Links
Gallery
Travel
   
Random Header Image
Disable Enable
More Info



FTP

Overview:
Setting up FTP servers to work through firewalls and clients behind NAT is often a headache. What ports you need to open up on your firewall and how to setup your ftp server can be found below.

The Solution:
The best solution for clients which may be connecting to your server from behind NAT is to use Passive FTP rather than Active FTP. A description of these two types of ftp mode can be found here. If you are using a firewall you will need to select a port range for your FTP server to use for incoming connections, then you can open up this port range to external access on your firewall. You will also have to open up the control port of your FTP server, usually port 21 unless you have set this differently.

Permissions:
1 = execute, 2 = write, 4 = read. User, group, world... Eg. 777 is read, write, execute for user, group and world since 7 = 1+2+4.

Specifying Passive FTP Port Range:
It is not always easy to set this. If you are using IIS6 under Windows 2003 Server you will need to edit the metabase. To do this follow these instructions:

Setting Passive FTP Port Range - IIS6
Before you do this, make sure you have direct metabase edit enabled.

To enable direct metabase edit,
1. Open IIS Manager.
2. Right-click on the local computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.

Here's the correct syntax for setting the PassivePortRange:

C:\Inetpub\AdminScripts>adsutil set /MSFTPSVC/PassivePortRange "750 1000" (of course, use the range appropriate for you)

You'll see the following output:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

PassivePortRange : (STRING) "750-1000"

Once you've done this, you can verify the setting is active:
1. Open IIS Manager.
2. Right-click on the local computer node.
3. Click Save Configuration to Disk (The configuration would have been saved automatically after 2 minutes, this just speeds things up).
4. Using Windows Explorer, navigate to \windows\system32\inetsrv
5. Open the newest version of Metabase.xml with Notepad.
6. Search for the word passive.

The important point to remember, is that the leading /LM is not needed in the command-line path.

Thanks to Abe Klagsbrun