Last week we received a question from one of our readers who was looking for a way to give his sister access to some files stored on his PC. While there are many ways for us to accomplish this goal, one of the easiest and most cost efficient methods available would be to set up an file transfer protocol (FTP) server.
There are many advantages to using FTP. For starters, the FTP service is included with Windows XP Professional, so you won’t need to lay out any additional money on software. Additionally, because the FTP service runs over the transmission control protocol/Internet protocol (TCP/IP) suite, it can be accessed using nothing more then a web browser. This prevents you from having to make modifications on any of the client PCs, as the entire configuration takes place on the host system.
Last week, we outlined the steps involved in installing Microsoft’s FTP service on a Windows XP Professional workstation. This week we’ll discuss how to open up ports on your firewall to allow Internet users to access your FTP server. We’ll also demonstrate how to load files onto your FTP server and how to go about downloading files from the server.
When we last left off last week, we had just finished installing the FTP service on our Windows XP Professional workstation. With our FTP server now up and running, we can start copying over to the server any files or folders that we would like connecting users to have access to.
This is actually a very simple procedure and no more difficult than copying files from one folder or drive to another. To begin, simply copy the files you need and paste them into the FTPROOT folder. This folder can be found in the INETPUB folder located on your root drive (usually C:). The full path to this folder would be C:INETPUBFTPROOT.
By default, the FTP service is configured for Anonymous FTP and read-only access, which means that users can freely download any files stored on the server, but they cannot upload files to it. The Anonymous FTP account means that the server is available publicly, so anyone with the server’s IP address can access it. You can modify both of these settings to only allow specific users on to the FTP site or to give them the right to not only download but also add, modify, and erase files as well.
We don’t have the space to go into all of the different configuration settings here, but you can review or modify these options by going to the Control Panel and selecting the Administrative Tools icon. Next select Internet Information Services (IIS). The IIS dialog box is split in two. On the left side of the screen you’ll see your computer. Expand it and you’ll see a folder labeled “FTP Sites.” Right-click on it and choose Properties. From within this dialog box you have full control over the FTP site, including who can access it and how it is accessed. Experiment with it at your own risk.
With the files now safely stored on the FTP server, they are ready to be accessed. Don’t get too excited because we’re not done yet. Before anyone will be able to access your FTP site, you first need to program your router to allow FTP traffic to safely pass through your firewall.
As with other services that run over the TCP/IP protocol, FTP travels over a specific port. For example, hypertext transfer protocol (HTTP) uses port 80, simple mail transfer protocol (SMTP) port 25, and Telnet port 23. The FTP service uses port 21. You’re also going to need to get the IP address of the computer hosting the FTP service.
In Windows XP, obtaining the IP address can be performed at the Command Prompt. Type IPCONFIG and locate the address under the section entitled Ethernet Adapter. This is the IP address of the computer on your internal local area network (LAN); it typically begins with a “192.”
Once you have this information, you’ll need to log in to your router’s Administration menu. This is going to vary from one router manufacturer to another, but for the D-Link router you indicated you were using, you’re going to want to set up a Virtual Server. A Virtual Server is used to allow Internet users access to specific LAN services — in this case, FTP.
Many Virtual Servers are already preconfigured within the router, and the only thing you’ll need to do is select the one you want to use and add the FTP server host computer’s IP address to it. Once this has been enabled and saved, outside users should be able to gain access to your FTP site.
Accessing the FTP server is very simple and can be done using your web browser. Just enter the FTP site’s IP address in the URL of your browser to gain access to all the files stored on it. The syntax for accessing the FTP server is FTP://X.X.X.X; where x is the server’s wide area network (WAN) address.
It’s important to note that the WAN address is different from the IP address you just entered in the Virtual Server. You see, the router has two IP addresses associated with it — the WAN address and the LAN address. The WAN address is provided to you by your Internet service provider and is the address used to identify you on the Internet, whereas the LAN address is used internally by your local network and can’t be reached by users outside of it. This is typically referred to as a network address translation (NAT) address.
Basically, the way this works is that your router receives an FTP request at its WAN address and then, using the Virtual Server, passes the FTP traffic on through the firewall to the computer that is hosting the FTP service. Anyone outside of your local network MUST use the WAN address in order to gain access to the FTP site. Most routers have a status page to help you easily identify your WAN address.
This completes the installation and configuration of your FTP server. One last word of advice — even with a hardware firewall in place, some users also have Microsoft’s Internet Connection Firewall (ICF) enabled on their systems. If ICF is enabled on the FTP host system, users will not be able to gain access to your site even though you’ve opened up the ports on the router. To fix this you either need to disable ICF or open up port 21 in ICF as well. This was discussed in the previous Q&A entitled “Dial-up and Broadband Connections Coexisting in Harmony.”