Excuse me, how to set up FTP server with IIS, and where to set up "active mode" and "passive mode"?
FTP has two working modes: active FTP and passive FTP.

In active mode, the FTP client randomly opens a port N larger than 1024 to initiate a connection to server port 21, then opens port N+1 to listen, and sends a PORT N+1 command to the server. After receiving the command, the server uses its own local FTP data port (generally 20) to connect to port N+1 designated by the client for data transmission.

In passive mode, the FTP client randomly opens a port N larger than 1024 to initiate a connection to server port 21, and at the same time opens port N+1. It then sends a PASV command to the server to tell it to use passive mode. After receiving the command, the server opens a port P larger than 1024 to listen, and then uses the PORT P command to inform the client that its data port is P. After receiving this, the client connects from port N+1 to port P on the server, and data is then transmitted between the two ports.

Generally speaking, active FTP means that the server actively connects to the data port of the client, while passive FTP means that the server passively waits for the client to connect to its own data port.

Passive-mode FTP is usually used when an FTP client behind a firewall accesses an external FTP server. In this case the firewall is usually configured to block outside access to the hosts behind it and to pass only connection requests initiated by those hosts. Active-mode FTP therefore cannot be used in this situation, while passive-mode FTP works well.

Many people mistakenly think that an FTP server built with the Windows IIS component has no practical value and is only good for testing and learning. The main reason is that it is difficult to configure a firewall for the FTP service in both PORT and PASV connection modes. In PORT mode, the client cannot work in a firewalled environment, because the FTP service must open new connections to the FTP client, and the firewall detects these as unsolicited connection attempts and drops them. Firewall administrators may not want to run the FTP server in PASV mode either, because the FTP service can open any ephemeral port number. A firewall configuration that gives unsolicited connections full access to all ephemeral ports may be unsafe.

From a practical point of view, the better choice is a PASV FTP service with a restricted range of ephemeral ports. The example below shows how to use the IIS component to set up such a PASV FTP service on Windows 2003.

1 Establish FTP service in PORT mode.

1.1 Install the File Transfer Protocol (FTP) service component.

Installation steps:

Control Panel -> Add or Remove Programs -> Add or Remove Windows Components -> Application Server -> Internet Information Services (IIS) -> File Transfer Protocol (FTP) Services.

Select the File Transfer Protocol (FTP) Service check box, then insert the Windows 2003 installation disk or select the Windows 2003 installation path, and continue until the installation is completed.

1.2 Configure the FTP home directory and user permissions

Home directory: D:/soft/ftpup

Users with read and write permissions, whose directories other users are not allowed to access:

The ww1 user has read and write permission to the ww1 directory, which is located at: D:/soft/ftpup/localuser/ww1.

The xx1 user has read and write permission to the xx1 directory, which is located at: D:/soft/ftpup/localuser/xx1.

Allow anonymous users read-only access:

Everyone has read-only access to the public directory, which is located at: D:/soft/ftpup/localuser/public.

Create the ww1 and xx1 users and set their passwords.

Establish the corresponding directory and set the corresponding permissions.

1.3 Create FTP site

Go to Control Panel -> Administrative Tools -> Internet Information Services (IIS) Manager -> Internet Information Services -> local computer -> FTP Sites, right-click FTP Sites -> New -> FTP Site, and follow the FTP site creation wizard: site description -> IP address and port settings -> isolate users -> FTP site home directory (D:/soft/ftpup), until the wizard finishes.

Right-click the FTP site you just established and select Allow anonymous users to connect on the Security Accounts tab. At this point, a PORT mode FTP site has been established.

You can turn off the firewall and test whether it meets the requirements of the client.

2 Set FTP site to PASV mode.

2.1 Enable direct editing of the metabase.

Open the IIS Microsoft Management Console (MMC): Control Panel -> Administrative Tools -> Internet Information Services (IIS) Manager -> Internet Information Services -> local computer

Right-click the local computer node, select Properties, and then select the Enable metabase direct editing check box.

2.2 Modify the port range

Method 1: Configure PassivePortRange through the ADSUTIL script.

Run the cmd.exe program to enter the command line mode, and enter the following command:

C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5550"

This restricts the default TCP ephemeral port range on the FTP server to 5500-5550. If many connections are expected at the same time, adjust the range accordingly.

Use the following command to view the PassivePortRange:

C:\Inetpub\AdminScripts\adsutil.vbs get /MSFTPSVC/PassivePortRange

Method 2: Modify the configuration file.

Open the following file:

C:/Windows/System32/inetsrv/metabase.xml

Search for the MaxConnections field and add a new line with the passive mode configuration below MaxConnections. The modified configuration is:

LogType="1"
MSDOSDirOutput="TRUE"
MaxClientsMessage=""
MaxConnections="100000"
PassivePortRange="5500-5550"

3 Firewall settings in Windows 2003

3.1 Open the FTP control port TCP 21 (if you change the port number, you need to make corresponding changes here).

At the command line, enter:

NETSH FIREWALL ADD PORTOPENING TCP 21 FTPPort21

3.2 Open the PassivePortRange TCP ports 5500-5550.

Create and run the following batch file (for example: ftpport.bat):

REM Open each passive data port in the Windows Firewall, then restart IIS.

ECHO Opening firewall ports 5500-5550

FOR /L %%I IN (5500,1,5550) DO NETSH FIREWALL ADD PORTOPENING TCP %%I FTPPort%%I

IISRESET /RESTART

ECHO Finished

PAUSE

At this point, the whole service has been set up and can be tested with the firewall enabled.
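
One way to check the result when testing, as an added example that is not part of the original page: the Python code below reads FTP control-channel lines, decodes the h1,h2,h3,h4,p1,p2 host-port value in the client's PORT command and in the server's 227 reply to PASV (port = p1*256 + p2), and flags any passive port outside 5500-5550, which the firewall rules above would not let through. The function names and the sample transcript are constructed for illustration.

```python
import re

# Range set in PassivePortRange and opened in the firewall on this page.
PASSIVE_RANGE = (5500, 5550)
# RFC 959 host-port notation: h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(r"(\d{1,3})" + r",(\d{1,3})" * 5)


def decode_hostport(text):
    """Return (ip, port) decoded from h1,h2,h3,h4,p1,p2, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def audit_control_channel(lines, passive_range=PASSIVE_RANGE):
    """Return (mode, ip, port, ok) per data-connection setup.
    ok is True/False for passive ports (inside the opened range or not)
    and None for active mode, where the client picks the port.
    """
    lo, hi = passive_range
    findings = []
    for line in lines:
        line = line.strip()
        if line.upper().startswith("PORT "):   # client -> server: active
            ep = decode_hostport(line[5:])
            if ep:
                findings.append(("active", ep[0], ep[1], None))
        elif line.startswith("227"):           # server -> client: passive
            ep = decode_hostport(line[3:])
            if ep:
                findings.append(("passive", ep[0], ep[1], lo <= ep[1] <= hi))
    return findings


# Constructed sample transcript, not captured from a real server.
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,21,130)",  # 21*256+130 = 5506
    "227 Entering Passive Mode (192,0,2,10,19,137)",  # 19*256+137 = 5001
    "PORT 198,51,100,7,4,1",                          # 4*256+1 = 1025
]

if __name__ == "__main__":
    for finding in audit_control_channel(SAMPLE):
        print(finding)
```

A passive entry with ok set to False means the server offered a data port the firewall does not open, which usually indicates that the PassivePortRange setting was not applied or the service was not restarted.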