In enterprises, the sharing of some large files is usually done in the form of FTP, and because FTP can eliminate the differences between operating systems, the function of sharing files between different operating systems is particularly prominent.
I. How the FTP server works
The FTP protocol can work in two ways: Port and PASV. The Chinese meaning is active and passive. The port (active) connection process is: the client sends a connection request to the FTP port of the server (21 by default). The server accepts the connection and establishes a command link. When data needs to be transmitted, the server sends a connection request from Port 20 to the idle port of the client and establishes a data link to transmit data. In PASV (passive) mode, the client sends a connection request to the FTP port of the server (21 by default). The server accepts the connection and establishes a command link. When data needs to be transmitted, the client sends a connection request to the idle port of the server and establishes a data link to transmit data.
You can log on to an FTP server in two ways: Anonymous logon and authorized account and password logon. In general, anonymous login can only download files from the FTP server, and the transmission speed is relatively slow. Of course, this needs to be set on the FTP server. For such users, FTP needs to be limited, it is not recommended to enable excessive permissions, and the bandwidth is as small as possible. The administrator needs to authorize the account and password to log on. The administrator needs to inform netizens of the account and password, and set these accounts, such as the resources they can access and download and upload speeds, similarly, administrators need to restrict such accounts and reduce their permissions as much as possible. If not necessary, do not grant the account administrator permissions.
Ii. Using Windows Components IIS to build an FTP server
When setting up an FTP website, you can use the IIS components of the Windows XP/2000/2003 operating system to only serve as a shared file service without any special requirements. The following is a brief description:
1. For IIS installation, choose Start> set> Control Panel> Add/deleteProgram", Open the" Add/delete programs "dialog box, and select" Add/delete Windows components ", as shown in
Figure 1
2. Select "Internet Information Service (IIS)" to view its details. 2
Figure 2
3. Select the "File Transfer Protocol (FTP) server" in Figure 2, click OK, and then follow the Wizard to complete the installation.
4. Open start> program> Administrative Tools> Internet information service to open the IIS console. 3
Figure 3
5. Click "Default FTP site" and select "properties" from the shortcut menu to open the "Default FTP site properties" dialog box, 4
Figure 4
6. on the "ftp site" tab, modify the "Description" to an easy-to-recognize identifier, such as the FTP site of ajiu, change the IP address to an IP address of the current host (when the host has multiple IP addresses ). For example, the local computer is changed to the private address "192.168.112.128", and the "TCP port" is the default FTP port "21 ". 5
Figure 5
7. Select "Allow anonymous connection" in "security account". If you need to perform authentication when logging on to the client, you can use "Browse" to select Windows users on the server. 6. Figure 7
Figure 6
Figure 7
8. Add the FTP Server login welcome information and exit information on the "messages" tab, 8
Figure 8
9. on the "home directory" tab, select the home directory for the FTP server to provide external services. Here, you can select "directory on this computer" and select through browsing, or select "shared location on another computer". This is the main directory on which the FTP server provides services externally, the format is \ {server} \ {sharing name }", configure ftp site permissions in the FTP site directory, such as "read", "write", and "Log Access, for security reasons, anonymous users are allocated "read" instead of "write" 9, as shown in
Figure 9
10. on the "Directory Security" tab, assign the FTP server access control permissions. You can authorize the FTP server access permissions to some IP users or Deny Access From some IP users. Note: After "authorized access" is selected, the IP address in the following table will be denied. For example, if "Access Denied" is selected, the IP address user in the following table will be authorized. 10
Figure 10
11. Now, the FTP server has been set up successfully.
Iii. Test the FTP server
1. Open "start" --> "program" --> "attachment" --> "command prompt", and enter "FTP 192.168.112.128", 11
Figure 11
2. Enter the anonymous account anonymous, and the password is your email address, 12
Figure 12
3. You can use the FTP command to operate the FTP server.
Figure 13
4. Use IE to verify or obtain the FTP service. In the address bar of IE, enter "ftp: // 192.168.112.128/" 14
Figure 15
5. You can also use FTP client software, such as flashftp and CuteFTP.
Iv. virtual directory and multi-site configuration
1. in the FTP configuration process, we often need to provide multiple FTP sites for FTP sharing to a host. In this case, the establishment of multiple sites is complete, when the site is created, you can follow the site creation wizard step by step. 16
Figure 16
2. In this case, you can set up a host using different IP addresses, or identify it using the same IP address and different port numbers. 17. We use port 2121 to build the second FTP site.
Figure 17
3. During FTP configuration, we often need to share multiple directories in different paths over FTP. In this case, we can use the virtual directory to create a new virtual directory in 16. The new virtual directory wizard is complete. A virtual directory is linked to another directory through a folder in the main directory. The content in this folder does not exist in the main directory. The content actually exists in other directories. 18, as shown in Figure 19
Figure 18
Figure 19
4. At this time, note that you need to create a folder named virtual directory under the Home Directory F: \ 01 virtual simulation that provides the FTP site service. Otherwise, the virtual directory cannot provide the FTP sharing service. 20
Figure 20
Figure 21
V. Security of iis ftp server Construction
For FTP servers built through IIS, whether anonymous accounts or authorized accounts and passwords, because the FTP service account and password authentication methods are transmitted in plain text on the network, any host can intercept the account and password logged on to the FTP server as long as the data packet capture software is used. Therefore, its security needs to be enhanced in other ways.
Vi. Summary
for FTP server construction through IIS, pay attention to the hard disk format. For example, if the disk is in NTFS format, you also need to set the directory to share or enable the FTP client account to access this folder. If it is in FAT32 format, you can build it using the above method. For the account security of the FTP server, you also need to enhance security verification through SSL encryption to prevent the account from being intercepted by others.