Setting up a Serv-U server on an intranet: FTP principles explained through an example

Source: Internet
Author: User
Tags: ftp client

First of all, the intranet here means the internal network of an Internet cafe; there is nothing more to say about the intranet itself. One basic prerequisite: a public IP address and administrative permissions on the gateway.

For the FTP server, 192.168.0.100, I chose Win2k + Serv-U 6.1.0.0. The gateway is the simplest common kind: a dual-NIC PC connected to both the Internet and the intranet. Assume its Internet IP address is 218.4.218.4 and its intranet IP address is 192.168.0.1.

First, some concepts:

A complete FTP session contains two connections: a command channel and a data channel. The command channel carries the "commands" and their replies, including the username and password login, which, as is well known, travel in plaintext. The data channel carries the actual data, that is, directory listings and files; whenever a directory listing or file transfer is required, a data channel is established. There are two ways to establish it: PORT and PASV.

You will find many FTP servers on the Internet that support only PORT or only PASV, some because of security considerations and some because of restrictions. I want my FTP server to support both PORT and PASV modes, so that clients are not troubled by connection problems, especially new users. As for the definitions of PORT and PASV, the easy-to-understand explanation, from the FTP server's point of view, is:

PORT is active mode. When a data channel is established, the server connects to the other party;

PASV is passive mode. When a data channel is established, the server is connected to by the other party;

Whether PORT or PASV mode is used to establish the data channel is the FTP client's choice.

Now we have to do the port mapping. The most basic part is mapping the command channel. Here we use the default port 21: connection requests to 218.4.218.4:21 received on the gateway's Internet interface are to be forwarded to port 21 of 192.168.0.100.

  Win2k Gateway

The system comes with simple port forwarding as part of its connection sharing services, ICS and RRAS. The two work the same way in principle, and configuring port forwarding in either is relatively simple, so I will not illustrate it again; many examples have been published before.

After you register a rule similar to "public address and port 218.4.218.4:21 to private address and port 192.168.0.100:21" in "service and port", others will be able to access your intranet FTP server. But you will soon find that your FTP server only supports PORT mode, and if the client is also in an intranet environment, the PORT method cannot be used. Why? Let us analyze. In PASV mode, after receiving the PASV command from the client, the server picks a random local port as the PASV port, notifies the client, and waits for the client to connect. The notification message contains the IP address of the FTP server and the PASV port it opened. And what is the IP address of my FTP server?

It is 192.168.0.100, so the PASV notification received by the other party will have this format: 227 Entering Passive Mode (192,168,0,100,M,N). M and N define the PASV port value, which is calculated as M * 256 + N. If M is 10 and N is 20, the PASV port is 2580. When the client receives this notification and wants to open the data channel, it sends a SYN request to the destination address 192.168.0.100:2580 and, without any doubt, receives no response, because this IP address does not actually exist on the public network. The solution is to have the FTP server send a PASV notification that carries the public IP address. Serv-U supports this function.

Then map the PASV ports to be opened on the gateway to 192.168.0.100, just as was done for port 21.

You may be confused: the PASV port is opened dynamically by the server at random, so how can I know which port will be used, and how do I map it? No problem. Serv-U can also be configured to use fixed PASV ports. Of course, to serve multiple sessions at the same time you need to define several ports as one range, and then map them on the gateway to the FTP server one by one; 20 are set in the figure.
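
The check described above, as an added example that is not part of the original article: this Python code parses a 227 reply, computes the port as M * 256 + N, and reports when the advertised address is private or the port falls outside the range forwarded on the gateway. The range 2580-2599 is an assumed block of 20 ports, since the article does not give the actual numbers, and the sample replies are constructed.

```python
import ipaddress
import re

# h1,h2,h3,h4,M,N tuple of a 227 reply; tolerates stray spaces after commas.
PASV_TUPLE = re.compile(r"(?<!\d)(\d{1,3}(?:\s*,\s*\d{1,3}){5})(?!\d)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply; port = M * 256 + N."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply")
    match = PASV_TUPLE.search(reply)
    if not match:
        raise ValueError("no h1,h2,h3,h4,M,N tuple found")
    nums = [int(field) for field in match.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field larger than 255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, public_ip, port_range):
    """List the reasons a client outside the gateway could not connect."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip.is_private:
        problems.append(f"advertises private address {ip}")
    elif ip != ipaddress.IPv4Address(public_ip):
        problems.append(f"advertises {ip}, expected {public_ip}")
    low, high = port_range
    if not low <= port <= high:
        problems.append(f"port {port} outside forwarded range {low}-{high}")
    return problems


# Constructed sample replies using the article's addresses.
SAMPLES = [
    "227 Entering Passive Mode (192,168,0,100,10,20)",  # default behaviour
    "227 Entering Passive Mode (218,4,218,4,10,20)",    # public IP, fixed port
    "227 Entering Passive Mode (218,4,218,4,195,80)",   # port not mapped
]
FORWARDED = (2580, 2599)  # assumed 20-port PASV range mapped on the gateway

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line, "218.4.218.4", FORWARDED) or "ok")
```

Running it against replies captured from outside the gateway confirms both halves of the fix: the public address in the notification and a PASV port inside the mapped range.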
