Setting up a home FTP server using Windows Server 2008 R2

Overview

Today I decided to set up a home FTP server. Although my web host already provides some space for me to FTP files into, having a personal FTP server allows me to send files directly to my own personal archive. As an added benefit, I don’t have to worry about hosting copyrighted files on the public-facing internet!

My environment:

  • Windows Server 2008 R2 Server
  • Asus Wireless Router RT-AC66U
  • FileZilla Client
  • Purchased domain

 


Steps

Part 1: Install the IIS FTP Server Service

  • Open Server Manager, go to Roles and click “Add Roles”


  • In the Add Role Wizard, select Web Server (IIS) role to install


  • Click Next until you reach Select Role Services page, leave the default and check FTP Server, FTP Service and FTP Extensibility at the bottom. Click Next, follow the wizard and finish the role installation.


  • Now open IIS Manager from Start > Administrative Tools, expand the server, right click Sites, and click Add FTP Site, give it a site name and configure the physical path as needed.


  • Configure Binding and SSL. In my case, I chose “Allow SSL” and assigned my server identity certificate. This allows secure FTP connections later on.

  • Enable Basic Authentication and configure authorization. In my case I’ll start by allowing All users both Read and Write permission, on the condition that every user account on the server is password protected.


Part 2: Configure the IIS FTP Server Service

  • In Server Manager, click the server. Go to FTP Firewall Support and choose a range of ports. In my case, I chose 50000 to 50004.
  • Click the actual FTP site. Go to FTP Firewall Support and type in the external IP address of your FTP site.
  • In Windows Firewall, make sure to open the correct ports so that the server can send and receive FTP traffic. In my case, I opened 21 and 50000-50004.

 


Part 3: Configure router ports

Once the server connections are configured for FTP traffic, you have to make sure that your proxy allows the connections as well. Since mine is just a homelab, I have to forward all the connections at the router level. Forwarding port 21 immediately allows connections to the FTP server, which I could then browse from Chrome.

At this point, FTP clients can connect to the FTP server, but actual file downloads and uploads will not work. For a client to both download and upload files, data connections must also be allowed from the external network to the internal network. In my case, I chose ports 50000-50004, so these had to be open on both the server firewall and the router (an Asus Wireless Router RT-AC66U).
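A check for the passive-mode setup from Parts 2 and 3, added here as an example and not part of the original post: because the control channel is TLS-encrypted, the router cannot rewrite the server's passive reply, so the server itself has to advertise the external IP and a forwarded port. The script parses the 227/229 replies seen in a client's debug log and flags an internal address or a port outside 50000-50004; the function names and sample replies are constructed for illustration, and handling the 229 (EPSV) form goes slightly beyond the setup described.

```python
import ipaddress
import re

# Passive range chosen in FTP Firewall Support and forwarded on the router.
PASV_PORTS = range(50000, 50005)
# RFC 1918, loopback and link-local: unreachable for a client outside the NAT.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def parse_data_endpoint(reply):
    """Return (address or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = _PASV.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range: " + reply)
        addr = ipaddress.ip_address(".".join(map(str, nums[:4])))
        return addr, nums[4] * 256 + nums[5]  # port = p1*256 + p2
    m = _EPSV.match(reply)
    if m:
        return None, int(m.group(1))  # EPSV sends a port only
    raise ValueError("not a passive-mode reply: " + reply)


def audit_reply(reply, allowed_ports=PASV_PORTS):
    """List what would break the data connection for an external client."""
    addr, port = parse_data_endpoint(reply)
    problems = []
    if addr is not None and any(addr in net for net in INTERNAL_NETS):
        problems.append(f"advertised address {addr} is internal")
    if port not in allowed_ports:
        problems.append(f"data port {port} is outside the forwarded range")
    return problems


# Constructed sample replies (203.0.113.10 is a documentation address).
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,81).",   # external IP, 50001
    "227 Entering Passive Mode (192,168,1,20,192,0).",    # LAN IP, port 49152
    "229 Entering Extended Passive Mode (|||50004|)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_reply(line) or "ok")
```

An internal address in the 227 reply means the external IP was not set in FTP Firewall Support; a port outside the range means the data channel port range was not applied.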

 

 


Part 4: Configure the FileZilla client for active mode

By default, FileZilla uses passive connections. Here’s how to configure the client:

  1. In FileZilla, click on Edit | Settings.
  2. Under Connection, click on FTP and choose Passive as the Transfer Mode.
  3. Under Connection, under FTP, click on Passive mode and choose “Use the server’s external IP address instead”
  4. Add the external URL of your FTP site as a connection point and configure it for secure FTP

Source: https://wiki.filezilla-project.org/Network_Configuration

 


Success

And just like that, I have a working home FTP server! Successful connection:

Status: Connecting…
Status: Connection established, waiting for welcome message…
Status: Initializing TLS…
Status: Verifying certificate…
Status: TLS connection established.
Status: Connected
Status: Retrieving directory listing…
Status: Directory listing of “/” successful

Successful file download and upload:

Status:       Connection established, waiting for welcome message…
Status:       Initializing TLS…
Status:       Verifying certificate…
Status:       TLS connection established.
Status:       Connected
Status:       Starting download of /test.junservftp.txt
Status:       File transfer successful, transferred 0 bytes in 1 second
Status:       Starting upload of /Users/junsungwong/Downloads/header.jpg
Status:       File transfer successful, transferred 144182 bytes in 1 second

Related Notes

  • Use an SSL certificate for secure connections
  • In FileZilla, if you see any colored text (blue/green) your client is probably trying to use passive connections. You can configure the FileZilla client to use active connections, in which case the log will only show black text.
  • Setting up passive FTP connections is more dangerous for your server
    • “As explained earlier, if you’re administering an FTP server, it would be best for you to configure your server to support passive mode FTP. However, you should bear in mind that in doing so, you would be making your system more vulnerable to attacks. Remember that, in passive mode, clients are supposed to connect to random server ports.”
    • http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
  • Active FTP:
    • Client connects to server on port 21 (command channel)
    • Server connects to client on port 20 (data channel)
  • Passive FTP:
    • Client connects to server on port 21 (command channel)
    • Client connects to server on random port (data channel)
