One of the easiest and most convenient ways to transfer files between computers, locally or over the internet, is FTP. FTP stands for File Transfer Protocol and runs on the following ports: 21 for standard FTP, 22 for SFTP, and 990 for FTPS.
By default, standard FTP operates on port 21, although this can be changed. The downside is that there is no secure authentication or encryption between the client and server, so usernames, passwords and file contents cross the network in plain text. It is highly recommended that standard FTP be used only on a LAN or a local server (127.0.0.1 and localhost).
SFTP is a secure file transfer protocol that depends on SSH (Secure Shell) and transfers files over an encrypted connection. SFTP is capable of remote management of the server’s file system, and file transfers that have been interrupted by a connection issue can easily be resumed without starting over. For authentication, SFTP uses something called a Public Key for the server and a Private Key for the client. Think of the Private Key as the keys to your house and the Public Key as the door: you can make it so that only the person with the right keys can enter, without needing a username/password. This is considered to be the most secure of the three available.
FTPS stands for FTP Secure and is sort of like SFTP, but not quite. This protocol uses a certificate-based system, such as those used by websites, for authentication. Encryption is done using TLS between the two endpoints (client and server) and can be configured as Implicit or Explicit. Implicit is recommended for security, as it forces the connection to be encrypted. If the files transferred are not of a sensitive nature, Explicit can be used, which, depending on user configuration, encrypts either the data passing through the connection or just your authentication details (username or password).
Choosing the best FTP Server Software
Many different factors go into picking the right one, whether it’s pricing, functionality, or ease of use, and there are many options for the Windows platform. Here are a few:
- Cerberus FTP Server – Paid FTP server loaded with functionality such as FTP, FTPS, SFTP, and a unique web UI for file access and configuration, all encrypted over HTTPS.
- CrushFTP Server – Paid FTP/FTPS/SFTP server, supports authentication through SQL and RADIUS, cloud file uploads through Google Drive, Amazon, and Azure.
- FileZilla Server – A free, open-source FTP/FTPS server with excellent configuration and ease of use.
- Microsoft IIS – Available on certain editions of Windows under Features. The FTP/FTPS component is configurable, as is WebDAV (think FTP on HTTP).
- ProFTPD – Unix/Linux-based FTP/FTPS Server with features optimized for security. Available on Windows via Cygwin.
For this guide, we will be installing FileZilla Server. You can get it from here. Run the installer and click on “I agree”.
Here we will be doing a Standard install for FileZilla which includes the server itself as well as the administration interface for management. Click Next and Next again.
By default, FileZilla Server will be installed as a Windows Service and will start up every time Windows boots. As you can see, the admin port is set to 14147; this is the port used to access the server through the administration interface. Make sure “Start server after setup completes” is checked and click Next, then click Install. Wait for setup to complete and then click Close.
You will be asked to connect to the server through the administration interface. Click the checkbox to check it and make up a password that you will be using from here on as your login. Click Connect.
In the admin console you will see the following two messages printed in red: “You appear to be behind a NAT router. Please configure the passive mode settings and forward a range of ports in your router.” and “Warning: FTP over TLS is not enabled, users cannot securely log in”. If you’re planning to run your FTP server on the internet, you will need to configure passive mode so that data connections can get through your router’s firewall.
At the top of the menu, click on Edit->Settings.
You are now at Options. On the left-hand side, navigate to “passive mode settings”. Click the checkbox labeled “Use custom port range” and let’s use values 53020 – 53120. This will give FileZilla Server 100 ports to utilize for data connections. Please note that you will need to forward these same ports on your router, as well as the FTP port that you will be using for incoming connections. Next, under IPv4 specific, click on the option that says “Retrieve external IP address from:” and leave it on the default URL.
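An added example, not part of the original guide or of FileZilla itself: a Python check that a server's passive mode reply (the `227 Entering Passive Mode` line as it appears in an FTP client's message log) advertises a port inside the 53020-53120 range and an address a remote client can reach. The function names and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# Passive port range configured in this guide's FileZilla Server settings.
PASV_PORT_MIN, PASV_PORT_MAX = 53020, 53120

# Addresses a remote client cannot reach through NAT (listed explicitly).
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# A 227 reply carries six numbers: four address octets and two port bytes.
_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                      r"(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 Entering Passive Mode' reply."""
    match = _PASV_RE.match(reply.strip())
    nums = [int(n) for n in match.groups()] if match else []
    if not nums or max(nums) > 255:
        raise ValueError("malformed 227 passive mode reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, client_is_remote=True):
    """Return a list of problems with a PASV reply; an empty list means OK."""
    try:
        host, port = parse_pasv(reply)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not PASV_PORT_MIN <= port <= PASV_PORT_MAX:
        problems.append("port %d is outside forwarded range %d-%d"
                        % (port, PASV_PORT_MIN, PASV_PORT_MAX))
    if client_is_remote and any(host in net for net in _INTERNAL_NETS):
        problems.append("server advertises internal address %s" % host)
    return problems


# Constructed sample replies, not captured from a real server.
SAMPLES = ["227 Entering Passive Mode (203,0,113,10,207,28)",  # port 53020
           "227 Entering Passive Mode (192,168,1,50,207,60)",  # LAN address
           "227 Entering Passive Mode (203,0,113,10,195,80)"]  # port 50000

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line) or "OK")
```

An internal address in the reply means the external IP setting is not taking effect; a port outside the range means the custom port range was not saved or a different range is forwarded on the router.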
On the left side click on “FTP over TLS settings”. This is where you will configure encryption over TLS. Click on “Enable FTP over TLS support (FTPS)”. Next, click on “Generate new certificate…”.
We are now going to generate our own certificate so that our FTP server can accept TLS connections for encryption. Set the key size to 2048-bit and enter your 2-digit country code; the rest is optional. Click Browse to choose a location on your storage drive where the generated certificate will be saved. Click on “Generate Certificate”. Under FileZilla Server Options click OK to save everything.
In the administration interface menu, go to Edit->Users.
You will now add the users that will be accessing this server. Click the “Add” button on the right-hand side. Enter a username and click OK. With your first user selected in the user box, click on “Password:” under Account settings and enter a password. Under the page section click on “Shared folders”.
You will define a directory for your users to access. Here you can make almost any directory on your drive accessible. For now you will want to create a new folder on your desktop. Feel free to name it what you want. Next, head back to the FileZilla Server and under “Shared folders” click on “Add”. Go to “Desktop” and select the folder that you’ve just created. By default, this directory will become a home directory on your server, and to the right you will be able to grant certain users permissions to it. Under “Files” click on Write and Delete. Afterwards, click OK to close the Users window.
Open up your web browser and enter ftp://127.0.0.1/ into the address bar. You will be asked to provide the username and password that was created earlier.
You will see a web page displaying the contents of your directory. Here you are only able to download the files stored on the server. There is another way to access the server.
FileZilla also has a client available. Download the FileZilla Client from here. Installation is straightforward; after it completes, run the client.
For now we will be doing a simple local connection. Near the top right, next to “Host”, type 127.0.0.1, then enter the username and password created earlier on your server. For the port type 21. Click on “Quickconnect” and you should see the connection initializing in the status box. You will be prompted to confirm the unknown certificate. This is normal: as you can see, the Subject of Certificate and Certificate Issuer are the same as in the certificate we generated. Click on the checkbox “Always trust certificate in future sessions” and click OK. Under the Remote site box, you should see your configured directory displayed and all of the files inside it.
FileZilla has been successfully configured to start accepting incoming connections. Don’t forget to forward all passive mode ports 53020-53120, FTP port 21, and 990 on your router. You can also configure a static IP address to avoid problems later on.