Shulou(Shulou.com)06/02 Report--

FileZilla Server download and installation is complete, you must start the software to set up, because this software is English, is an unfamiliar software, coupled with English, the difficulty of configuration can be imagined, editor from the Internet to find a very detailed tutorial to sort out some, to ensure that students reading this tutorial can be free ftp server FileZilla Server configuration.

Run FileZilla Server Interface.exe to get the above interface. If you are entering for the first time, just click ok. We can enter the password of the Filezilla service of this server in the "Administrator password:" field, and enter the management port number (what the management port is, please refer to the specific number entered in the previous installation process. ), then check "Always connect to this server" and then press (OK). It is recommended that you select the option "always connect to this server", which means that every time you start the administrative console, you are managing the local Filezilla service.

Note: it is very important to change the port and password, which is the key to ensure the security of Filezilla. The port must be modified and the password must be set! Password advice is complex enough! Can be modified in the management interface

This is the main interface of the program, and then start clicking Settings under the Edit menu. You will get the following interface:

The first step is to set the global parameters of the server:

General settings (General Settings):

Listen on Port: the listening port is actually the connection port of the FTP server. (usually 21)

Max.Number of users: the maximum number of clients allowed for concurrent connections. (0 is unrestricted)

Number of Threads: processing thread. That's the CPU priority. The higher the value, the higher the priority, which is generally fine by default.

The following is the timeout setting

Connections timeout: the connection timeout; the default here is 120 seconds.

No Transfer timeout: transfer idle timeout; default here is 600s.

Login timeout: login timed out. Here it is 60 seconds.

Generally speaking, it is OK by default here, and there is no need to change it.

The Welcome message page sets the Welcome information that is displayed after the client has successfully logged in.

Editor here has been changed to Welcom to Serv-U FTP Server (another very well-known ftp server)!

It's best to modify it here! Because hackers may exploit vulnerabilities if they are exposed at random. The suggestion is the same as the input of the editor.

IP bindings (IP binding) page: bind the server to the IP address and use * to bind to all addresses. (generally default)

IP Filter (IP filter) page: set IP filtering rules, the IP in the above column is prohibited from connecting to the FTP server, and the following is allowed.

Format: it can be a single IP address, an IP address field, and you can use wildcards, IP/ subnet syntax, or regular expressions (ending with "/") to filter the host name.

(generally default, unless set up again if necessary)

Step 2 Passive mode settings (passive transfer mode setting): this page should focus on.

First modify Use custom port range: editor selected here from 10000-10020. Choose here according to your needs.

The following are the passive transfer settings:

1) if the server itself directly owns the public network IP, you can choose the default "Default" of the software.

2) if the server is in the local area network, behind a gateway, then select the second item "Use the follwoing IP" and fill in the IP address of the public network in the input field below; otherwise, the client may not be able to connect to the FTP server in PASV passive mode. Because the server is in the intranet, when the client connects to the server using PASV mode, the server needs to tell the client its own IP address after receiving the connection request. Because the IP address detected by the server in the intranet is intranet (such as 192.168.0.5), it gives the IP address to the client, and the client cannot connect naturally. After the specified IP address is set here, the server will submit the valid IP address of the public network to the client, so that the connection can be established normally.

If the server is dynamic IP, you can select "Retrieve external IP address from" below, use the free IP query page provided by the official FileZilla website to obtain the legal IP of the public network at that time, and then the server submits the legal IP address of the public network to the client. Of course, static IP can also use this, but it is not necessary.

This setting page is very important for situations where the server is on the intranet. Some FTP servers do not have this setup project, so clients can only connect in Port active mode. Of course, some client software has special settings for this problem, such as FlashFXP site settings as long as select "passive mode to use site IP" on it.

For servers in the local area network, if the server is not placed in the DMZ zone, it is strongly recommended that you select "Use custom port range" below to define the PASV port range. Because in PASV mode, the server opens the port at random, and then tells the client the open port number to let the client connect to the open port. However, because the server is behind the gateway, if the gateway does not do the corresponding port mapping, the client will not be able to connect to the port opened by the server from the external network, resulting in PASV mode connection failure. Limit the range of ports opened by the server here, and then go to the gateway connected to the external network to do port mapping (virtual services) for these ports on the server. This requires the cooperation between the server and the Internet gateway device, so that the clients of the external network can connect in PASV mode.

Step 3 Security settings (Security Settings): the two options here are related to whether you can FXP. The default state of the software is "Block incoming server-to-server transfers" and "Block outgoing server-to-server transfers". The first item is forbidden to connect to the server, and the back is forbidden to transmit to the server. In other words, FXP is not allowed by default, so if you need to use FXP, deselect these two items. Note that the FXP transfer is related not only to the settings of this page, but also to the IP filter.

Note: if enabled, the IP filter checks the remote IP at the beginning of the transmission, and if the IP does not match the remote IP in the control channel, the transfer will be canceled.

FXP is often used to transmit illegal and pirated software, and rebound attacks can also be used to launch Dos attacks against servers, because malicious users can initiate multiple server-to-server transmissions, which will have a great impact on the bandwidth and availability of servers.

If strict filtering IP is set, the entire IP is compared to the IP in the control channel, but this option may cause problems for proxy servers that use multiple IP.

To avoid this problem, you can disable strict IP filtering so that only the first three parts of the IP address are checked, but this reduces security against FXP/ bounce attacks. Therefore, you need to choose between security and compatibility, and for best results, you can block all FXP transmissions and enable strict filtering only for incoming transmissions.

Miscellaneous: miscellaneous settings. It's fine by default.

Step 4 Admin Interface setting (administrator interface settings): these are some of the parameters of the login configuration server interface. The setting of the port number also appeared during installation. The following two columns can define the network interface and IP address that allow remote login configuration. The first blank can be set to bind the administrative interface to the IP address, using * to bind all IP addresses. 127.0.0.1 is the default binding, which always exists and cannot be removed. The second blank setting allows you to connect to the IP address of the administrative interface, using wildcards (for example: 123.234.12? . *), 127.0.0.1 is always allowed to connect to the administrative interface. Change the administrator password at the bottom.

Note: it is very important to change the port and password, which is the key to ensure the security of Filezilla. The port must be modified and the password must be set! Password advice is complex enough!

Step 5 Logging (logging): set whether logging is enabled as well as the log file size and file name.

Step 6 Speed Limits (speed limit): this is a global parameter, and there is no speed limit by default. You can select "Constant Speed Limit of" and fill in the speed limit value to achieve the speed limit, download (outgoing) and upload (incoming) can be set separately. You can also customize the speed limit rule-"Use Speed Limit Rules" according to the period of time. For example, this server or network connection has other uses besides being a FTP server. It needs to be scheduled according to time, so that FTP transmission cannot crowd out all network bandwidth and affect other network services. You can set it here.

Step 7 Filetransfer compression (File transfer Compression Settings): MODE Z FTP protocol is a real-time compressed transport protocol. In this mode, the data of the sender is compressed before it is sent, and then transmitted to the network link, and the receiver will unpack the data in real time, restore and reorganize it locally into the original file. This mode can greatly reduce the data flow in the network and improve the transmission efficiency (speed). Of course, for files that have already been compressed, there is almost no effect. To use this transport mode, you need to support the MODE Z protocol on both the server and the client.

Check "Enable MODE Z support" to enable MODE Z support on this server, so as long as the client also supports MODE Z, you can get the performance improvement it brings. "Minimum allowed compression level" and "Maximum allowed compression level" set the minimum compression ratio and the maximum compression ratio, respectively. At the bottom, you can enter a target IP that does not enable the MODE Z feature.

Step 8 sets "SSL/TLS settings".

Check "Enable FTP over SSL/TLS support (FTPS)"

There is also a place where ushi allows 10 failed attempts to be repeated within an hour.

Step 9 strengthen the permissions, find the configuration file of Filezilla in xml format, right-click it, and select Properties.

Join the Guest group to prohibit read and write permissions, set to deny.

After clicking OK, the system will pop up a prompt asking whether you want to continue and whether you want to continue.

Anonymous FTP configuration:

First open the administrative console and click the fourth icon from the left to enter the system setup.

Open the ftp user management interface and click the add button on the right to add new users.

In the dialog box for the new user, enter the name "anonymous", which is the anonymous user of FTP.

Click OK, add the user to finish, and return to the user management interface.

Click the Shared folders menu on the left. Click the Add button to add a directory.

Open the option to browse the folder and select the directory where you want to set FTP.

Click OK to add the user to finish.

Now that the user FTP client connects to the FileZilla Server, you can see that the anonymous FTP has been configured.

Standard FTP user configuration:

Setting process: open a new account → set password → selected folder → setting completed.

Step 1 is the user group (Group Settings) setting. Click the fifth button in the main screen or enter it from the "Edit"-"Groups" menu.

Group setting is to facilitate user classification and management, users with the same permissions belong to the same group, so that there is no need to repeatedly set parameters such as the permissions of each user, and simplify the configuration and management work. Click the "Add" button on the right to create a new group.

After the group is created, click "Shared folders" to enter the directory permission settings page. Click the "Add" button in the middle area to add a directory. The first directory added by the default state is the home directory (Home Directory) that the group of users will see after logging in, with a bold "H" logo in front of it. On the right side of the directory list are the operation permission settings for the directory. Above are the file permission settings, and below are the directory permission settings. If you want to change the home directory, just select the one in the list that you want to set to the home directory, and then click the "Set as home dir" button.

After setting up the home directory, click the "Add" button to set the rest of the directory in turn. Note, however, that if you only add other directories, after you connect with the client, you will find that you can't see any directories except the home directory and its subdirectories. What's going on? Here we want to explain a concept-virtual path. The so-called virtual path is the directory structure seen on the client side. Since a user can only have one home directory, the client will not see it if the other directory is not mapped to a virtual directory. Therefore, only the directories other than the home directory are virtual as subdirectories of the home directory, so that they can be seen on the client side.

For example, in this example, the home directory is D:\ Downloads. If the virtual path is not set, the client can only see the contents of the home directory when logging in, and there is nothing under the E:\ FTPRoot directory. How to set up a virtual path? Right-click the "E:\ FTPRoot" directory in the list and select "Edit aliases" from the pop-up menu to edit the alias; now to use the E:\ FTPRoot directory as the FTPRoot directory under the client home directory, type "D:\ Downloads\ FTPRoot" in the pop-up window and click the "OK" button to determine. Pay attention to the spelling rules, the first part of the path must be the absolute path of the home directory. After setting this up, you can see a "FTPRoot" directory on the client side, which is actually the E:\ FTPRoot directory.

The "Speed Limits" and "IP Filter" in the group settings are the same as the speed limits and IP filter settings in the global settings, please refer to the previous content. It's just that this is only valid for users in this group. The global setting takes effect for all users. After setting up, click the "OK" button to return to the main interface.

Permission description:

File:

Files → Read: download eucalyptus.

Files → Write: you can upload eucalyptus.

Files → Delete: you can delete eucalyptus files.

Files → Append: download the file to a local copy, open it for editing, and then upload it to the server when it is closed. (question: I don't know if editing is performed on the server side. )

Table of contents:

Directories → Creat: new subfolders can be added.

Directories → Delete: subfolders can be deleted.

Directories → List: can list eucalyptus files in folders.

Directories → + subdirs: lists the subfolders in the folder.

Note: the permissions on files and directories set in FileZilla Server depend on the permissions of files and directories set by the SYSTEM account in the Windows operating system.

Step 2 sets up the user (Users). Click the fourth button on the main interface or enter it from the "Edit"-"Users" menu.

Click the "Add" button on the right to create a user and enter the user name test.

Select the checkbox in front of Password and enter the password 123456.

Then select the group (Group) to which the user belongs from the "Group membership" column, so that the user will inherit all the attributes / permissions of the group and no longer have to set these parameters individually. This is also the convenience of setting up groups. Using groups to classify groups when there are more users will make the management more convenient and efficient. Of course, you can also set up a user who does not belong to any group, so that the permissions of that user have to be customized separately. For a small number of special users, it can be set in this way.

Go back to the user management interface, click set folder directory, and click Add to add directory.

Add complete, and then select the permissions of the test user to this directory on the right, and then click the OK button on the left to complete the configuration.

You can now use the client to test the login.

Open the FTP client software, enter the test user name and password 123456, and log in to the server.

After logging in successfully, you can see the files in the FTP directory you just made, and have the corresponding permissions to upload and download.

At this point, the basic setup of FileZilla Server is complete and ready to run.

The SFTP enabling settings are as follows:

Open the "Users" dialog box: add the user; enter the password; select "Force SSL for user login" to force the use of SSL, of course, if not, it is up to the client to choose whether or not to use SSL.

Add the FTP folder to "Shared folders" and set the appropriate permissions.

Connect to the FTP server using FileZilla Client. It is the same as a normal connection, except that you should select Servertype, as shown below:

This tutorial is also an entry-level tutorial, and other ftp server software is more or less the same. Or set it up according to your own needs.

The original address of this article has only been slightly modified by the editor, because this tutorial is already very detailed. Thank you, the original author.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.