FileZilla Server Configuration

Source: Internet
Author: User
Tags ftp client filezilla ftp protocol

?

Run FileZilla Server Interface.exe, get the above interface, if it is the first time to enter, click OK directly. We can enter the password of the server FileZilla service in the "administrator password:" field, enter the management port number (the management ports in the end is how much, please refer to the previous installation process to fill in the specific number of how much.) ), then tick "always connect to this server" and press (ok) again. It is recommended that the "Always connect to this server" option be selected, which means that each time the management console is started, it is the FileZilla service that manages the native computer.

Note: It is important to modify the port and password, which is the key to ensure the FileZilla security, the port must be modified and the password must be set! Password suggestions are complex enough! Can be modified in the management interface This is the main interface of the program, and then start to click on the settings under the Edit menu. The following interface is available: first, the server global parameter setting:
General settings (Normal settings): Listen on port: Listening port, is actually the FTP server connection port. (usually 21)
Max.number of users: Maximum number of concurrent connection clients allowed. (0 is not limited)
Number of Threads: processing thread. This is the CPU priority level. The higher the value, the higher the priority, which is usually the default.
The following is the timeout setting, Connections timeout: Connection time-out; The default is 120 seconds. No Transfer Timeout: the transmit idle timeout; The default is 600 seconds. Login timeout: Log in timeout. Here is 60 seconds. This is usually done here by default, without change. The Welcome Message page sets the Welcome information displayed after the client login is successful. This has been changed to the welcom to serv-u FTP server (another very well-known FTP servers)! It's best to change it here! A hacker might exploit a vulnerability because of casual exposure. The suggestion is the same as the input of the small series. IP bindings (IP binding) page: Binds the server to an IP address, using * to bind to all addresses. (general default) IP Filter page: Set IP Filtering rules, in the above column of the IP is forbidden to connect with the FTP server, the following is allowed. Format: Can be a single IP address, IP address segment, you can use wildcards, use the ip/subnet syntax, or regular expressions (end with "/") to filter the host name. (general default, unless necessary to set up) 2nd Step Passive Mode settings (passive transfer mode setting): This page should focus on.
First modify the Use custom port range: The small part selected here from 10000-10020. Here, choose according to your needs. The following are the passive transfer settings:
1) If the server itself directly has a public IP, you can choose the default software defaults.

2) If the server is inside the LAN, after a gateway, then choose the second "use the follwoing IP", and in the following input field to fill in the public IP address; otherwise, the client may not be able to connect to the FTP server with PASV passive mode. Because the server is in the intranet, when the client uses PASV mode to connect to the server, when the server receives the connection request, it needs to tell the client its IP address, because the server is in the network, It detects that the IP address is the intranet (such as 192.168.0.5), which gives the IP address to the client, the client is naturally unable to connect. When the specified IP address is set here, the server submits the legitimate IP address of the public network to the client so that the connection can be established properly.

If the server is dynamic IP, then you can choose the following "Retrieve external IP address from", using the FileZilla official website provided free of charge IP query page to get the public network legal IP, The server then submits this public network legal IP address to the client. Of course, static IP can also use this, but it is not necessary.

This setting page is very important for servers in the intranet. Some FTP server does not have this setup item, the client can only connect with port active mode. Of course, some client software for this issue has specific settings, such as FLASHFXP site settings as long as the "passive mode using the site IP" is OK.

For servers on a local area network, if the server is not located in the DMZ, it is strongly recommended that the following "Use custom port range" be selected to define the PASV port ranges. Due to the PASV mode, the server randomly opens the port and then opens the port number to tell the client to let the client connect to the ports that are open. However, because the server is behind the gateway, if the gateway does not have a corresponding port mapping, the client cannot connect to the server open port from the extranet, causing the PASV mode connection to fail. Here the server opens the port range, and then to the gateway that connects to the extranet, do port mapping (virtual service) to these ports on the server. This requires the server and Internet gateway devices to be set up so that the extranet client can connect in PASV mode. 3rd Step Security Settings (Safety setting): Here are two options related to whether the FXP. The software default state "block incoming Server-to-server transfers" and "block outgoing Server-to-server transfers" are both selected, the previous one is forbidden to connect the server to transmit , followed by a ban on outgoing server retransmission. This means that the default state does not allow FXP, if you need to use FXP, then the two items are deselected. Note that the FXP transmission is related to IP filters in addition to the settings for this page.

Description: If enabled, the IP filter checks the remote IP at the beginning of the transfer, and if the IP does not conform to the remote IP in the control channel, the transfer will be canceled.

FXP is often used to transmit illegally pirated software, and a bounce attack can also be used to initiate a DOS attack on the server because a malicious user could initiate multiple server-to-server transfers, which could have a significant impact on the bandwidth and availability of the server.

If you set a strict filter IP, the entire IP will be compared to the IP in the control channel, but this option may cause problems with proxy servers that use multiple IPs.

To avoid this problem, strict IP filtering can be disabled so that only the first three parts of the IP address are checked, but this makes the security of the fxp/bounce attack less secure. Therefore, you need to choose between security and compatibility, and to achieve the best results, you can block all FXP transmissions and enable strict filtering for incoming transmissions only. Miscellaneous: Miscellaneous settings. By default. 4th Step Admin Interface Setting (Admin interface Setting): This is the login configuration server interface of some parameters. The settings for the port number also appear during installation. The following two columns can be defined to allow remote login configuration of the network interface and IP address, the first blank can be set to bind the management interface to an IP address, using * To bind all IP addresses, 127.0.0.1 is the default binding, it exists and cannot be removed; the second blank setting allows the IP address to be connected to the management interface , you can use wildcards (for example: 123.234.12?.*), and 127.0.0.1 is always allowed to connect to the management interface. Change the administrator password at the bottom.

Note: It is important to modify the port and password, which is the key to ensure the FileZilla security, the port must be modified and the password must be set! Password suggestions are complex enough! 5th Step Logging (log): Set whether logging is enabled and log file size and file name. 6th Step Speed Limits: This is the global parameter, the default state is not limited to the speed. You can select "Constant speed limit of" and fill in the limit speed value to achieve the rate limit, download (outgoing) and upload (incoming) can be set separately. You can also customize the speed limit rule according to the time period--"Use speeds limit rules", such as this server or network connection in addition to do FTP server and other purposes, need to schedule according to time, can not let FTP transmission crowding out all network bandwidth affect other network services ; it can be set here. 7th Step filetransfer Compression (file transfer compression setting): MODE Z The FTP protocol is a real-time compressed transport protocol. In this mode, the sender's data is compressed before it is issued, then sent to the network link transmission, the receiver will receive the data in real-time unpacking, the local restore reorganization into the original file. This mode can greatly reduce the data traffic in the network and improve the transmission efficiency (speed). Of course, for the files that have been compressed, there is almost no effect. To use this transfer mode, both the server side and the client are required to support the Mode Z protocol.

Tick "Enable mode Z support" to enable the "mode Z" feature of the server, so that it can achieve performance gains as long as the client supports mode Z. "Minimum allowed compression level" and "Maximum allowed compression level" respectively set the minimum compression rate and the maximum compression ratio. At the bottom, you can enter a destination IP that does not have the Mode Z feature enabled. The 8th step is to set up "SSL/TLS Settings".

Select Enable FTP over SSL/TLS support (FTPS)


There is also a ushi whether to allow 10 failed attempts within an hour.

9th Step Reinforcement permissions, find FileZilla configuration file, format is XML format, right mouse click on it, and select Properties.

Join the Guest group to prohibit read and write permissions, set to deny.

When you click OK, you will be prompted to ask if the Deny permission priority is higher than the allowed permission, if you want to continue, click Yes.


Anonymous FTP configuration:


First open the Admin console and click on the fourth icon on the left to enter the system settings.

Open the FTP user management interface and click the Add button on the right to add a new user.

In the New User's dialog box, enter the name "Anonymous", which is the anonymous user of FTP.

Click Confirm, add user complete, return to user management interface.

Click on the "Shared Folders" menu on the left. Click the Add button to add a directory.

Open the Browse for Folder option and select the directory where you want to set up FTP.

Click OK to add the user to finish.

Now that the user FTP client is connected to the FileZilla server, you can see that anonymous FTP is configured to complete.

Standard FTP User Configuration:


Setup process: Open new account → set password → select folder → settings complete.

The 1th step is to set the user group (Settings). Click on the Fifth button in the main screen or the "Edit"-"Groups" menu to enter.

Group settings are designed to facilitate user collation management, users of the same permissions belong to the same group, so that you do not have to repeatedly set each user's permissions and other parameters, simplify configuration and management work. Click the "ADD" button on the right to create a new group.



After the group creation is complete, click "Shared Folders" to enter the directory Permissions settings page. Click the "Add" button in the middle area to add a table of contents. The first directory added by default state is the home directory that is seen after the group of users log on, and the home directory is preceded by a bold "H" identifier. The right side of the directory list is the Operation permission setting for the directory, which is the file permission setting, and the following is the directory permission setting. If you want to change the home directory, just select the one you want to set as the main directory in the list, then click the "Set as Home dir" button.



After you have set up your home directory, click the "Add" button to set the rest of the directories in sequence. It's important to note, however, that if you just add a different directory, you'll be connected to the client and you'll see that the directory is invisible except for the home directory and its subdirectories. What's going on? Here is a concept-the virtual path. The so-called virtual path is the directory structure that is seen on the client. Because a user can have only one home directory, the client will not be able to see the other directory if it is not mapped to a virtual directory. So only directories other than the home directory can be virtualized into a subdirectory of the home directory, which is visible to the client.

For example, the main directory is D:\Downloads, if you do not do the virtual path settings, then the client login only to see the contents of the home directory, there is a E:\FTPRoot directory below the things can not be seen. How do I set a virtual path? Right-click on the list of "E:\FTPRoot" directory, in the pop-up menu, choose "Edit aliases" editing alias; now to use the E:\FTPRoot directory as the FTPRoot directory in the client's home directory, enter "D:\" in the popup window. Downloads\ftproot "and click on the" OK "button to determine. Note the spelling rules, the previous part of the path must be the absolute path of the home directory. After this setting, the client can see a "FTPRoot" directory, which is actually the E:\FTPRoot directory.

The "Speed Limits" and "IP filter" in the group settings are the same as the global setting and the IP filter setting method, please refer to the previous content. But this is only for the users of this group to take effect. The global setting is in effect for all users. After setting, click "OK" button to return to the main screen.

Permission Description:

File:
Files→read: Can download the file eucalyptus.
Files→write: can upload file eucalyptus.
Files→delete: Can delete the file eucalyptus.
Files→append: The file is downloaded to a local copy and opened for editing, and then uploaded to the server when it is closed. (Problem: Do not know whether to perform edits on the server side.) )

Directory:
Directories→creat: can add sub folder.
Directories→delete: You can delete a child folder.
Directories→list: You can list the files in the folder.
Directories→+subdirs: Lists subfolders in the folder.

Note: The permissions on files and directories that are set in FileZilla server depend on the permissions set by the system account on the Windows operating system for files and directories.

The 2nd step sets the user (users). Click on the Fourth button of the main interface or the "Edit"--"Users" menu to enter.

Click the "ADD" button on the right to create the user, enter the user name test.

Select the Multi box in front of password and enter the password 123456.

Then select the group that the user belongs to from the "group membership" column so that the user inherits all of the properties/permissions of the group and no longer sets the parameters separately for one by one. This is also the convenience of setting up groups, when users are more often use groups to classify will make management more convenient and efficient. Of course, you can also set up a user that is not part of any group, so you have to customize the user's permissions individually. For a small number of special users, it can be set in this way.
Go back to the user management interface, click on the Settings folder directory, click Add Directory.

Add complete, then select the test user to the right of this directory, and then click on the Left OK button, configuration complete.

You can now use the client to test the login.



Open the FTP client software, enter the test username and password 123456, log on to the server.



After successful login, you can see the file under the FTP directory that you just made, and have the appropriate upload and download permissions.



At this point, the basic setup of FileZilla server is complete and ready to run.

The SFTP settings are enabled as follows:

Open the Users dialog box: Add a user, enter a password, select "Force SSL for user login" to enforce SSL, and of course, if you do not choose to use SSL, it is the client's choice.



Add the FTP folder to "Shared Folders" and set the appropriate permissions.

Connect the FTP server with FileZilla Client. Same as normal connection, just pay attention to select ServerType, such as:

?

3 This content is helpful to me

"Disclaimer": the Black Bar safety net (http://www.myhack58.com) published in this article for the purpose of transmitting more information, does not mean that the site agrees with its views and the authenticity of its responsibility, only suitable for network security technology enthusiasts to study the use of learning, please follow the relevant national laws and regulations. If you have any questions please contact us, contact email [email protected], we will be in the shortest possible time for processing.

Http://www.myhack58.com/Article/sort099/sort0101/2013/39495.htm

FileZilla Server Configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.