HOWTO: Using BulletProof FTP Server when the hosted computer is protected by a Network Firewall/NAT.
BulletProof FTP Server fully supports network environments where the computer running the software is behind a network Firewall/NAT.
BulletProof FTP Server 2011/2010: PICTURES!!! For detailed step-by-step instructions, please see the following URL:
- Table of Contents
- 1.0 Introduction
- 1.1 Overview
- 1.2 Requirements
- 1.3 Background
- 2.0 FTP Control/Data Connections
- 2.1 Control Connections
- 2.2 Data Connections
- 2.3 How they are used
- 2.4 PORT vs PASV
- 3.0 Setting up BulletProof FTP Server
The file-transfer provided by FTP copies a complete file from one system to another (SERVER to CLIENT, CLIENT to SERVER). In this transfer a computer running BulletProof FTP Server (http://www.bpftpserver.com) is called the SERVER or HOST and a person connecting to the SERVER is called a CLIENT. A CLIENT is a piece of software which adheres to the Internet FTP standard (RFC-959), such as our specially designed BulletProof FTP Client (http://www.bpftp.com) or even your favorite web-browser (Firefox, Internet Explorer, etc).
To configure BulletProof FTP Server correctly you must have the following information and access:
- Administrative access to the computer running the software (Windows Administrative Privileges)
- Administrative access to the network Firewall/NAT appliance (Linksys, Netgear, Cisco, etc)
- BulletProof FTP Server (http://www.bpftpserver.com) installed and running on the intended computer
The File-Transfer-Protocol (FTP) was designed way back in 1985 to facilitate early file transfers on the Internet. This robust and elegant protocol allows for the transferring of files from server-to-client and client-to-server. However, being over 20 years old, this protocol isn't without it's downside; it's firewall/nat traversal is highly confusing and can be pretty technical. Not to fear! With a bit of terminology and some guidance, this "HOW-TO" can help you setup BulletProof FTP Server in no time!
When setting up a SERVER, it is important to understand that there are two types of connections made, control-connections and data-connections.
The control-connection is established in the typical client-server fashion, the SERVER creates a listening socket on the well-known port for FTP (TCP/21) and waits for the CLIENT to make a connection. This default TCP/IP connection on port 21 (shorthand TCP/21), can be changed to any value you wish. Often times, this port is changed to help "hide" the FTP service from would-be hackers or malicious software (virus, worms, etc). This control-connection remains open during the entire time that the CLIENT communicates with the SERVER. This connection is used for commands from the CLIENT to the SERVER and for the SERVER's replies.
The data-connection is created each time a file or data is transferred between the CLIENT and SERVER. FTP uses this data-connection is used in three different ways:
- Sending a file from the CLIENT to the SERVER
- Sending a file from the SERVER to the CLIENT
- Sending a directory-listing from the SERVER to the CLIENT
When a CLIENT (such as BulletProof FTP Client) requests a directory-listing from the SERVER (BulletProof FTP Server), the command (LIST) is sent across the control-connection and a data-connection is made to transfer the directory-listing. This avoids any potential limitations that might restrict the size of a directory-listing and makes it easier for the client to save the output and display it in an easy to use point-click interface. During this transfer, the control-connection remains idle while the data-connection is in use.
The creation of the data-connection is dictated by the CLIENT upon issuing of an FTP command (get a file, put a file or obtain a directory-listing). Unfortunately, this is when FTP becomes difficult for most people:
- In the default mode, called port-mode (PORT-mode), the CLIENT issues the command and then begins to listen on a random TCP/IP port for the SERVER to connect and establish the data-connection. Although this mode is effective, it requires the technical ability for the person running the CLIENT to understand how to secure and properly open their network's Firewall/NAT to allow this incoming connection.
- Optionally, the CLIENT can request data-connections to operate in passive-mode˙(PASV-mode). Thankfully, this mode asks the SERVER to make the listening TCP/IP port for the CLIENT to connect and establish the data-connection.
Setting up BulletProof FTP Server to operate in Passive-Mode (PASV-mode) is very easy, however you will need to break out the manual for your Firewall/NAT (Linksys, Netgear, Cisco, etc) appliance in order to allow the specified incoming TCP/IP connections.
BulletProof FTP Server 2011/2010: For detailed step-by-step instructions, please see the following URL: