This article is reposted from guihua_wulipcy: http://blog.csdn.net/u010376274/article/details/56479707. Thanks to the author.
While I was working as an undergraduate teaching assistant, my boss asked me to set up FTP for data transfer. I found a Windows Server to tinker with and started by following online tutorials, which turned out to be a lot of trouble. Josesi said FileZilla is more convenient, so I downloaded FileZilla Server from the official FileZilla website. I thought it would be easy to get working, but I ran into a pile of pits, which I record here for easy reference later.
Server: Windows Web Server R2, 64-bit
Pit 1: Installing FileZilla Server fails with the error "Could not load TLS network. Aborting start of administration interface"
Reason: According to the discussion in this FileZilla forum thread, https://forum.filezilla-project.org/viewtopic.php?t=39838, the server does not have patch KB2533623 installed.
Way out: Download the patch from the official Microsoft website, choosing the version that matches your server. I chose "Update for Windows server R2 x64 Edition (KB2533623)". After the patch was installed, the server no longer reported the error.
Pit 2: After opening FileZilla, the panel shows in red "FTP over TLS are not enabled, users cannot securely"
Cause: TLS mode is not enabled.
Way out:
Open Settings.
Select "FTP over TLS settings", tick "Enable FTP over TLS support", then click the "Generate new certificate..." button in the middle.
The blank fields can be filled in freely. Note that "Common name (Server address)" should be filled with 127.0.0.1. Below that, choose a location to save the key and certificate, then click "Generate certificate" at the bottom.
Then enter a key password in "Key password" (any value will do; it does not need to be used), and finally click OK on the left. When you open FileZilla again, the error message is gone.
With the two pits above solved, you can follow the various online tutorials to add users and assign folder access rights. For basic configuration, see "FileZilla How to use FileZilla Configuration FTP service graphics detailed"; for the specific role of each setting, see "Free FTP server FileZilla server configuration". Most of the default settings are fine.
Pit 3: FTP works when accessed locally on the server, but on other machines the user name and password prompt never appears
Cause: The firewall on the server is blocking the FTP inbound port, in which case FileZilla shows no one requesting a connection.
Way out:
Open "Windows Firewall with Advanced Security".
Right-click "Inbound Rules" and click "New Rule".
Select "Port", select "TCP", and enter the FTP port. If you did not change it when configuring FileZilla, use the default port 21.
Then select "Allow the connection", have the rule apply in all cases, and finally name the rule "FTP Default Port". After that, other machines that access the FTP server get the user name and password window, and FileZilla also shows the connection information.
Pit 4: FTP works when accessed locally on the server, but other machines, after entering the user name and password, get the message "Open the folder on the FTP server error occurred, please check if there is permission"
Reason: I searched Baidu for the message above and did not find any reliable solution. Then I thought of installing a FileZilla client, to see whether accessing the FTP server with the client would show an error code. Sure enough, it showed the error code "425 Can't open data connection.". I found this workaround on StackOverflow: "Setup FileZilla Server Passive Ports on Windows Server 2012". Roughly, it says that the FTP client connects to the server in passive mode by default (active mode and passive mode are explained at the end of this post), and FileZilla then opens a random port between 1-65535. The error occurs because the firewall blocks the passive-mode port.
Way out:
Check "Use custom port range" in "Passive mode settings". Opening all ports 1-65535 in the firewall would be dangerous, so first limit the port range here.
Then repeat the process from Pit 3 of opening port 21 in the inbound rules, this time opening the limited passive-mode port range. The only difference is that here you enter 50100-51100 as the port and name the rule "Filezilla-passive FTP Ports". After that, other machines can access the server without any obstacle.
At this point we have climbed out of all the pits in the FileZilla configuration process. Here are two notes and one small tip:
1. Firewall inbound rules and outbound rules
The explanation below is copied from an online source. An FTP server only involves machines on the external network accessing the server, not the server accessing the external network, so in Pit 3 and Pit 4 above the ports were opened in the firewall's inbound rules and the outbound rules were not modified.
Outbound means you accessing the external network; inbound means the external network accessing you. Users can create inbound and outbound rules to block or allow connections for specific programs or ports. Users can use preset rules or create custom rules. A rule can apply to a set of programs, ports, or services, to all programs, or to one specific program, and it can block all connections for a piece of software, allow all connections, or allow only secure connections. Encryption is required to secure the data sent over the connection. You can configure the source IP address and destination IP address for inbound and outbound traffic, as well as rules for the source and destination TCP and UDP ports.
2. FTP active mode and passive mode
An FTP session uses two types of channels: one control connection (the command channel) and several data connections (the data channels). The control connection carries the client's commands and the server's responses to them; by default it uses port 21 on the server, and it lasts for the entire FTP session. A data connection carries files and other data, such as directory listings. It is opened only when data needs to be transferred and is closed once the transfer finishes, and the port used is not necessarily the same each time. Depending on whether the data connection is initiated by the server, FTP is divided into active mode and passive mode.
The "active mode" and "passive mode" of FTP are explained in more detail here. The FTP protocol is based on TCP, so every connection between the client and the server goes through the three-way handshake. Two diagrams distinguish the two modes:
Active mode: The client uses any port >1024 to connect to port 21 on the server and establish the command channel. When data needs to be transferred, the client tells the server over port 21 which port it will use (for example 1333) and starts listening on it. The server then initiates a connection from its port 20 to the client's port 1333 and establishes the data channel. Because the data channel is actively established by the server (step 6 in the figure), this is called active mode.
Passive mode: The command channel is established the same way as in active mode, by first connecting to port 21 on the server. When data needs to be transferred, the client sends the PASV instruction to tell the server to use passive mode for the data channel. The server then opens a port, starts listening on it, and reports this port to the client over the command channel. The client then opens a port of its own and connects to the server's port to establish the data channel. Because the server takes the passive role in creating the data channel, this is called passive mode.
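The port arithmetic behind the two modes, and the cause of the 425 error in Pit 4, as an added example that is not part of the original article: it decodes the data-connection endpoint from PORT commands and 227 (PASV) replies in a constructed control-channel log and flags passive ports outside the 50100-51100 range opened in the firewall. The function names and the sample addresses are assumptions made for illustration.

```python
import re

# Passive range set in FileZilla Server and opened in the firewall (Pit 4).
PASSIVE_RANGE = range(50100, 51101)
_ENDPOINT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode_endpoint(text):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 field of a PORT/227 line."""
    m = _ENDPOINT.search(text)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # every field is a single byte
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connections(transcript, allowed=PASSIVE_RANGE):
    """Classify each data connection negotiated in a control-channel log."""
    results = []
    for line in transcript.splitlines():
        line = line.strip()
        if line.upper().startswith("PORT "):
            mode = "active"    # server connects out to the client's port
        elif line.startswith("227 "):
            mode = "passive"   # client connects in to the server's port
        else:
            continue
        endpoint = decode_endpoint(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        # Only passive ports need an inbound rule on the server firewall.
        permitted = mode == "active" or port in allowed
        results.append((mode, ip, port, permitted))
    return results

# Constructed sample session; addresses are documentation-range placeholders.
SAMPLE = """\
PORT 192,0,2,10,5,53
PASV
227 Entering Passive Mode (203,0,113,5,195,180)
PASV
227 Entering Passive Mode (203,0,113,5,234,96)
425 Can't open data connection.
"""

if __name__ == "__main__":
    for row in data_connections(SAMPLE):
        print(row)
```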
3. Cancel Automatic login for FTP
Sometimes, when we access an FTP server, the password may have been saved, and every later access to that server logs in by default with the previous user name and password. If, for the sake of security, you do not want it to log in automatically, or the FTP server has users with different permissions and you want to log in under another user name, right-click a blank area of the directory and select "Login". In the pop-up window, uncheck the "Save password" option. In this window you can also enter another user name and password to access the FTP server under a different identity.