Overview
File Transfer Protocol (FTP) is a standard Internet protocol for transmitting files between computers on the Internet over TCP/IP connections.FTP is a client-server protocol that relies on two communications channels between client and server: a command channel for controlling the conversation and a data channel for transmitting file content. Clients initiate conversations with servers by requesting to download a file. Using FTP, a client can upload, download, delete, rename, move and copy files on a server. A user typically needs to log on to the FTP server, although some servers make some or all of their content available without login, also known as anonymous FTP.
Howto
Step by Step Installation Instructions
Instruction to use FTP server over public internet.
Please note it is recommended to protect the Inbound rules with proper ACL to restricted IP range.
To configure FTP server:
Step 1) In IIS Manager, open FTP > FTP Firewall Support.
Step 2) Specify your server’s external IP address.
Step 3) Open ports for data connections (obviously in addition to opening an FTP port 21 and possibly an implicit TLS/SSL FTP port 990).
Step 4) You need to tell the FTP server to use only the range that is opened on the firewall example 5000-5100
An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535, when IIS FTP server is installed.
The rules are not enabled initially though some versions of Windows.
Step 5) To enable or change the rules, go to Control Panel > System and Security > Windows Firewall3 > Advanced Settings > Inbound Rules and locate three “FTP server” rules. If the rules are not enabled, click on Actions > Enable Rule
internal Windows firewall is automatically configured to open FTP ports when FTP server is installed, this change does not seem to apply, until FTP service is restarted. The same is true for changing data channel port range.
Step 6) To restart FTP service go to Control Panel > System and Security > Administrative Tools and open Services. Locate Microsoft FTP Service and click Restart service.
Creating Certificate for the FTPS Server
You need a TLS/SSL certificate to secure your FTPS server. Ideally you should acquire the certificate from a certificate authority.
You may also create a self-signed certificate locally, but in such case users of your FTPS server will be warned, when connecting to the server.
To create the self-signed certificate:
1) In IIS Manager, open IIS > Server Certificates.
2) Click on Create Self-Signed Certificate action.
3) Specify a certificate name (e.g. “FTP Server”) and submit with OK.
If you want to add FTP server to manage your web site remotely, locate your web site node in IIS Manager and:
4) Click Add FTP Publishing action.
In Add FTP Site Publishing wizard:
On an initial Binding and SSL Settings step, select Require SSL to disallow non-encrypted connections and select your certificate.
On Authentication and Authorization Information step, select Basic authentication and make sure Anonymous authentication is not selected. Select which users (Windows accounts) you allow to connect to the server with what permissions. You can choose All users or select only some. Do not select Anonymous users.
5) Submit with Finish button.
How to access using Client tools like WinSCP :
1) Select FTP protocol and TLS/SSL Explicit encryption.
2) Enter your Windows server hostname to Host name field. Avoid using an IP address to allow WinSCP to verify that the host name matches with host the server’s certificate was issued to (not applicable to self-signed certificates).
3) Specify username and password of Windows account you want to connect with (when using domain accounts, you need to specify full username with format domain\username).
4) You may want to save your session details to a site so you do not need to type them in every time you want to connect. Press Save button and type site name.
5) Press Login to connect.
If you are using self-signed certificate, you will be prompted to accept it.
