Shulou(Shulou.com)06/01 Report--

Editor to share with you how to solve the various problems in Filezilla server configuration FTP server, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

A lot of information about the company needs to be uploaded through ftp, so you need to configure a FTP server, find a Windows server, and start to configure yourself according to the online tutorials. He Xixi said that it was more convenient to use Filezilla, so he went to the Filezilla official website to download Filezilla Server. I thought it would be easy, but I didn't expect to encounter a bunch of pits.

Server: Windows Web Server 2008 R2 64-bit

Pit 1: install Filezilla Server error "could not load TLS network. Aborting start of administration interface"

Reason: according to the https://forum.filezilla-project.org/viewtopic.php?t=39838 discussion of this post in this Filezilla Forums, the server does not have patch KB2533623.

Out of the hole: go to Microsoft's official website to download the patch. According to my server model, I chose Update for Windows Server 2008 R2 x64 Edition (KB2533623). After the patch is installed, the Server will no longer report an error.

Pit 2: after opening Filezilla, the red letter on the panel shows "FTP over TLS is not enabled, users cannot securely".

Reason: TLS mode is not enabled.

Get out of the pit:

Open Settings

Select FTP over TLS settings, check Enable FTP over TLS support, and then click the middle Generate new certificate... Button

You can fill in the blanks at will. Just fill in 127.0.0.1 in Common name (Server address). Choose a saved location for the key and certificate, and then click Generate certificate at the bottom.

Then fill in a key password in Key password, randomly fill in one that is not needed, and finally click on the lower left OK, and then open Filezilla and there will be no error prompt.

After the above two pits are solved, you can add users and assign folder access rights according to various tutorials on the Internet, basic configuration reference "FileZilla how to configure FTP service with FileZilla", the specific role of each item in Settings refer to "free ftp server FileZilla Server configuration", most of them are set by default.

Pit 3: the server can access FTP locally, and the interface for other machines to access the user name and password will not pop up.

Reason: the firewall blocks the inbound port of the FTP on the server, in which case you can't even see the information of someone requesting a connection in the Filezilla.

Get out of the pit:

Open the Advanced Security Windows Firewall

Right-click "inbound Rule" and click "New Rule"

Select "Port", select "TCP", and enter the FTP port. If the previous configuration of Filezilla has not been changed, use the default port 21.

Then select "allow links", apply this rule all the time, and finally name the rule such as FTP Default Port, and then use other machines to access FTP, you will be able to enter a window to enter a user name and password, and you can also see the connection information in Filezilla.

Pit 4: the server can access FTP locally. Other machines enter the user name and password and prompt "error occurred while opening the folder on the ftp server. Please check if you have permission".

Why: the blogger put the above hint on Baidu and didn't find any reliable solution. Then he wondered if he could see any error code by dressing up a Filezilla Client and accessing FTP with Client. Sure enough, he found the error code "425 Can't open data connection." and found the solution "Setup FileZilla Server Passive Ports on Windows Server 2012" on stackoverflow. It probably means that the client of FTP connects to the server in Passive mode (passive mode, the blog finally explains the active mode and passive mode of FTP). Filezilla will randomly open a port between 1 and 65535. The reason for this error is that the firewall blocks the port of Passive mode.

Get out of the pit:

Check Use custom port range in Passive mode settings. It is dangerous to leave the firewall open to all ports 1-65535, so limit the port range here first.

Then repeat the process of pit 3 opening port 21 in the inbound rule to open the defined range of Passive mode ports. The only difference is that enter 50100-51100 here, name this rule as FileZilla-Passive FTP Ports, and then use other machines to access without any hindrance.

At this point, all the holes in the Filezilla configuration process have popped out. Here are two more tips and a tip:

1. Inbound and outbound rules of firewall

The following is an explanation from the copy on the Internet. For the FTP server, it only involves accessing the server from the public network, not the server, so pit 3 and pit 4 above open the port in the inbound rules of the firewall and do not modify the outbound rules.

Outbound means that you access the external network, and inbound means that the public network accesses you. Users can create inbound and outbound rules to block or allow specific programs or ports to connect. Users can use preset rules or create custom rules that can be applied to a set of programs, ports, or services, or to all programs or to a particular program; you can block a software from making all connections, allow all connections, or only allow secure connections, and require encryption to protect the security of data sent over that connection You can configure source IP and destination IP addresses for inbound and outbound traffic, as well as rules for source TCP and UDP ports and destination TCP and UPD ports.

Active mode and passive mode of 2.FTP

FTP connections include two types of channels: a control connection (command contact channel) and several data connections (data contact channel). The former is used to transmit the command of the client and the response of the server to the command, which defaults to port 21 of the server, and the lifetime is the whole FTP session time. The latter is used to transfer files and other data, such as directory lists, etc., which is established only when data transfer is needed, and once the data transfer is completed, the port used each time may not be the same. According to whether the data connection is initiated by the server, it can be divided into active mode and passive mode.

As explained in "active Mode (Active Mode) and passive Mode (Passive Mode) about ftp", the FTP protocol is based on the TCP protocol, so each interaction between the client and the server has to go through three handshakes. The two modes can be distinguished by two pictures:

Active mode: the client uses any port > 1024 to initiate a connection with port 21 of the server to establish a "command contact channel". If data transmission is to occur, inform the server port (such as 1333) and start listen through 21, and the server uses port 20 to initiate a connection to port 1333 of the client to establish a "data contact channel". Because the "data contact channel" is actively established by the server (step 6 in the figure), it is called active mode.

Passive mode: the way to establish a "command contact channel" is basically the same as the active mode, which is also connected to port 21 of the server first. But if you need to transfer data, the client will send PASV instructions telling the server to use passive mode to establish a "data contact channel", then the server will open a port and start listen, and inform the client of this port through the "command contact channel", and the client will open another port to establish a "data connection channel" with the server. Because the "data connection channel" is passively established by the server, it is called passive mode.

3. Cancel the automatic login of FTP

Sometimes we may set the save password when we visit a FTP, and then every time we visit that FTP, we log in by default with the previous user name and password. For security reasons, do not let it automatically log in, or FTP set different permissions for users, we want to log in through other user names, you can enter the blank space in the directory right-click, select "login", the pop-up window to "save password" option to cancel it, in this window you can also enter other user names and passwords, that is, through other identities to access FTP.

These are all the contents of this article entitled "how to solve various problems in Filezilla server configuration of FTP server". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.