CommuniGate Pro
Version 5.2

FTP Module

The CommuniGate Pro FTP module implements an FTP server for TCP/IP networks.

The FTP protocol allows an FTP client application to connect to the Server computer and specify the user (Account) name and the password. If access to the specified user Account is granted, the client application can retrieve and update data inside that Account File Storage.

File Transfer Protocol

The File Transfer Protocol allows client computers to work with files stored on remote servers. A computer running an FTP client application connects to the server computer and provides the account (user) name and the password. If access to the specified user account is granted, the client application sends protocol commands to the FTP server. These protocol commands tell the server to list all files in the current directory, to change the current directory, and to retrieve, upload, rename, and remove files stored on the FTP server.

The CommuniGate Pro FTP module supports all related Internet standards (RFCs).

The CommuniGate Pro FTP module supports the REST command and it can resume broken file transfer operations.

The CommuniGate Pro FTP module supports the GSSAPI authentication method. It can use the established GSSAPI "context" for encryption and integrity protection of the control and data channels.

The CommuniGate Pro FTP module supports the STLS command, as well as non-standard AUTH SSL and AUTH TLS-P commands for establishing secure (TLS) communication links.

Configuring the FTP module

Use the WebAdmin Interface to configure the FTP module. Open the Access page in the Settings realm.

Settings on this page: Log Level, Channels, Listener, Passive Mode, Send WAN Address, Legacy-Style LIST.
Use the Log Level setting to specify what kind of information the FTP module should put in the Server Log. Usually you should use the Major (password modification reports) or Problems (non-fatal errors) levels. When you experience problems with the FTP module, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well. Most FTP clients send passwords in clear text, so leaving the Log Level setting at these values for long periods of time can become a security hole if the Log file can be copied from the Server computer.

The FTP module records in the System Log are marked with the FTP tag.

When you specify a non-zero value for the TCP/IP Channels setting, the FTP module creates a so-called "listener" on the specified port(s). The module starts to accept FTP connections from FTP clients. This setting is used to limit the number of simultaneous connections the FTP module can accept. If there are too many incoming connections open, the module will reject new connections, and the users should retry later.

If the number of channels is set to zero, the FTP module closes the listener and releases (unbinds from) the TCP port(s).
By default, the FTP module Listener accepts clear text connections on the TCP port 8021. Follow the listener link to tune the FTP Listener.
If the server computer does not have any other FTP server software running, you may want to switch the FTP Listener to the port 21 (the standard FTP port).
Note: The FTP protocol has a "NAT traversal" problem. When working in the "active" mode, the FTP server needs to open data connections to the client computer, and if there is a NAT device between the FTP server and the client computer, attempts to establish these data connections would fail. To solve this problem, most NAT devices/programs implement an FTP proxy, but they activate this feature only if they detect an outgoing connection to the port 21.
If you use the FTP module with a non-standard port number (such as 8021), your users connecting from behind NAT devices won't be able to do data transfers in the "active" mode (the "passive" mode should work correctly).
Passive Mode
When this option is disabled, the FTP module rejects requests for passive-mode file transfers.
Send WAN Address
Use this option to send the Server or Cluster WAN Address when a client requests a Passive Mode transfer.
Legacy-Style LIST
When this option is enabled, the Server always sends a positive response to the LIST command, even if the target directory is unavailable.
This option can help some clients that always open a data connection for LIST results, ignoring error messages the Server sends.

Access to Account File Storage

When an FTP user is authenticated, the current directory is set to the topmost directory of the Account File Storage.
The FTP module allows a user to upload, download, rename and remove files from File Storage and its directories.
The FTP module allows a user to create, remove, and rename directories in the Account File Storage.

It is possible to access File Storage of some other Account by using the ~accountName/ name prefix (to access the accountName Account in the same Domain), or by using the ~accountName@domainName/ name prefix to access File Storage of any Account in any Domain.

Please see the File Storage section for the details on the required Access Rights.

Passive Mode Connections

The FTP module supports Passive Mode transfers. In this mode, the FTP module opens a separate listener port/socket, sends the IP address and port number of that socket to the client, and the client opens a TCP connection to the specified address and port.

When the CommuniGate Pro Server is located behind a NAT/Firewall, external (WAN) clients using the Passive Mode connect to an external WAN address, rather than the Server's own IP address. If the NAT/Firewall cannot fix this problem, use the Send WAN Address option.

The FTP Module uses the TCP Media Proxy ports for Passive Mode transfers.

CommuniGate® Pro Guide. Copyright © 1998-2008, Stalker Software, Inc.