Incomplete analysis of intranet FTP server erection

FTP server first to mention is that the intranet here is generally our Internet cafes internal environment intranet, LAN Intranet I have nothing to say, willing to spend money to DNS0755 good. A basic condition: a public network IP, the gateway has operational rights.

FTP Server-side 192.168.0.100, I choose Win2k+serv-u 4.1.0.0, very common commonly used a combination gateway is the simplest dual network card PC, one external network connected to the intranet, This assumes that the extranet IP is 218.4.218.4, and the intranet IP is 192.168.0.1.

To mention some conceptual stuff:

A complete FTP session that contains two connections, one called a command channel, and one called a data channel. The command channel is used to deliver some "commands" and feedback, including user name password landing, and it is well known that the clear text of the data channel used to pass the actual data----column directory, file transfer, once the need for a directory or file transfer, the data channel will be established, there are two ways, one is the port two is PASV.

You will find many FTP servers on the Internet, some either only support port, or support PASV, or because of security considerations, or because of conditions and so on. I want to make my FTP port and PASV way to support, so that the client will not be bothered by the connection, especially some novice, for the port and PASV definition, easier to understand the explanation for the FTP service side:

Port is the active mode, in the establishment of data channels, the server to connect others;

The PASV is passive mode, when the data channel is established, the service end is connected by others;

When the data channel is established, use port mode or PASV mode, the choice lies in the FTP client.

Now to do, is the port mapping, the most basic is the map of the command channel, where the default 21, I would like to be in the network interface received on the 218.4.218.4 Port 21 of the connection request, forward to 192.168.0.100 21 port.

Win2K Gateway system with a simple port forwarding program, is to provide us with the sharing of the Ics/rras, the two ways the principle is the same, and can provide such business port forwarding setup process is relatively simple, I do not grasp the map, before there are many.

It is in "services and Ports", register a similar "public network and port 218.4.218.4:21 to private network and port 192.168.0.100:21" in the format of the rules set up, others will be able to access your intranet FTP server, But you will soon find that your FTP server only supports the port, if the client also in the intranet environment, the port is not the way to use this is why? Let's analyze this, because in the PASV way, when the server receives the client's PASV command, it assigns a local random port as the PASV port and notifies the client, then waits for the client to connect, which contains the FTP server's IP address and the open PASV port in the notification message. What is the IP address of my FTP server?

Now is 192.168.0.100, then the other side received the PASV notification will be in this format of the entering passive mode (192,168,0,100,m,n) MN is defined PASV port value, calculated by M*256+m, If M is 10 and N is 20, then the PASV port is 2580 when the client receives this notification, and when it wants to initiate a connection to the data channel, it sends a SYN request to the destination address of 192.168.0.100:2580 and will no doubt receive an answer. Because this IP in the public network is in fact not the solution is to let the FTP server to send with public network IP PASV notice, our serv-u support this function.

Then, on the gateway, map the PASV port that needs to be opened to the same 192.168.0.100 as Port 21.

You may be wondering, PASV is a random port that the server dynamically opens, how do I know which one it will use? How do you map it? No problem, Serv-u can also define the use of fixed PASV port, of course, in order to undertake multiple connection sessions at the same time, you need to set several into a paragraph, and then in the network off one by one mapping to the FTP server, the figure set 20.