File Transfer Protocol
The File Transfer Protocol allows client computers to work with files
stored on remote servers. A computer running an FTP client
application connects to the server computer and provides account (user)
name and the password. If access to the specified user account is granted,
the client application sends protocol commands to the FTP server. These protocol
commands tell the server to list all files in the current directory, to change the
current directory, to retrieve, upload, rename, and remove files stored on the FTP server.
The CommuniGate Pro FTP module supports all related Internet standards (RFCs).
The CommuniGate Pro FTP module supports the REST command and it can resume broken file transfer operations.
The CommuniGate Pro FTP module supports the GSSAPI authentication method. It can use
the established GSSAPI "context" for encryption and integrity protection of the control
and data channels.
The CommuniGate Pro FTP module supports the STLS command, as well as non-standard AUTH SSL and AUTH TLS-P
commands for establishing secure (TLS) communication links.
Configuring the FTP module
Use the WebAdmin Interface to configure the FTP module.
Open the Access page in the Settings realm.
- Use this setting to specify what kind of information the FTP
module should put in the Server Log. Usually you should use the Major
(password modification reports) or Problems (non-fatal errors)
levels. But when you experience problems with the FTP module, you may want
to set the Log Level setting to Low-Level or All Info:
in this case protocol-level or link-level details will be recorded in the
System Log as well. Most FTP clients send passwords in the clear text
format, and setting the Log setting to these values for long periods of time can become
a security hole if the Log file can be copied from the Server computer.
The FTP module records in the System Log are marked with the FTP tag.
- When you specify a non-zero value for the TCP/IP Channels setting,
the FTP module creates a so-called "listener" on the specified port(s). The module starts
to accept FTP connections from FTP clients. This setting is used to limit
the number of simultaneous connections the FTP module can accept. If there
are too many incoming connections open, the module will reject new connections,
and the users should retry later.
If the number of channels is set to zero, the FTP module closes the listener and releases
(unbinds from) the TCP port(s).
- By default, the FTP module Listener accepts clear text connections on the TCP port 8021. Follow the
listener link to tune the FTP Listener.
If the server computer does not have any other FTP server software running, you may want to switch
the FTP Listener to the port 21 (the standard FTP port).
Note: The FTP protocol has a "NAT traversal" problem. When working in the "active" mode, the FTP server needs to
open data connections to the client computer, and if there is a NAT device between the FTP server and
the client computer, attempts to establish these data connections would fail. To solve this problem, most NAT devices/programs
implement an FTP proxy, but they activate this feature only if they detect an outgoing connection to the port 21.
If you use the FTP module with a non-standard port number (such as 8021), your users connecting from behind NAT devices
won't be able to do data transfers in the "active" mode (the "passive" mode should work correctly).
- Passive Mode
- When this option is disabled, the FTP module rejects requests for passive-mode file transfers.
- Send WAN Address
- Use this option to send the Server or Cluster WAN Address when a client requests a
Passive Mode transfer.
- Legacy-Style LIST
- When this option is enabled, the Server always sends a positive response to the LIST command, even if the
target directory is unavailable.
This option can help some clients that always open a data connection for LIST results,
ignoring error messages the Server sends.
Access to Account File Storage
When an FTP user is authenticated, the current directory is set to the topmost directory
of the Account File Storage.
The FTP module allows a user to upload, download, rename and remove file from File Storage and its directories.
The FTP module allows a user to create, remove, and rename directories in the Account File Storage.
It is possible to access File Storage of some other Account by using the ~accountName/ name prefix
(to access the accountName Account in the same Domain), or by using the ~accountName@domainName/ name prefix
to access File Storage of any Account in any Domain.
Please see the File Storage section for the details on the required Access Rights.
Passive Mode Connections
The FTP module supports Passive Mode transfers. In this mode, the FTP module opens a
separate listener port/socket, sends the IP address and port number of that socket to the client,
and the client opens a TCP connection to the specified address and port.
When the CommuniGate Pro Server is located behind a NAT/Firewall, external (WAN) clients
using the Passive Mode connect to an external WAN address, rather than the Server own IP address.
If the NAT/Firewall cannot fix this problem, use the Send WAN Address option.
The FTP Module uses the TCP Media Proxy ports for Passive Mode transfers.
CommuniGate® Pro Guide. Copyright © 1998-2008, Stalker Software, Inc.