Published May 26, 2024 (author: )
FTP SERVER: a few configuration notes on passive mode settings and SSL settings
1. FileZilla Server
A) Passive mode settings (do not use port 21 or 20)
Use the following IP: External IP
Don't use external IP for local connections
Use custom port range: 6000-6002 (add these ports to the firewall rules or the router's forwarding rules (TCP))
B) SSL/TLS settings
Generate new certificate… (create the certificate)
Port: 990 (add this port to the firewall rules or the router's forwarding rules (TCP))
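2. Serv-U
1. Local server - Settings - SSL certificate - Apply
Advanced: PASV port range: 6000-6002
2. Domain server - Settings
Advanced - Allow passive mode: External IP
Virtual paths:
Physical path: specify the physical path (also add this directory under the user's directory access)
Mapped to: the user's home directory
Virtual name: the name displayed in the user's home directory
Domain settings: Security: allow only SSL/TLS sessions, port 990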
3. FileZilla Client
A) Port: 990
B) Server type: FTP OVER SSL/TLS (Implicit) (implicit encryption)
C) Passive mode
Reference: FileZilla SSL setup
FTPS using Explicit SSL/TLS howto (Server)
Configuration
First you'll want to create a certificate; this can be done with the Certificate Generator in FileZilla
Server. The Generator will ask for country code, state, city, etc. This information doesn't need to be
correct at all; it is just used to generate the hash used to encrypt and decrypt the data being sent by
the server and client.
Encryption strength for the certificate is chosen at the top of the generator: 1024-bit, 2048-bit, or
4096-bit. The higher the encryption strength, the more secure the data and account information will be.
There is, however, one thing that needs to be taken into account: CPU utilization. When you apply
encryption to your FileZilla server, the CPU has to do many calculations to encrypt the data
being sent and decrypt the data being received. Bandwidth also plays a part in how much the
CPU is utilized. If you have a slower connection, let's say around 1.5 Mbps up, you may not
have to worry about CPU utilization as much. The best way to decide is to test. After you have
created the certificate, enter its location into the "Private key file" field, or browse to it.
If your server has a direct connection to the internet the configuration is simple: check "Enable
SSL/TLS Support".
Configure with NAT
If you are behind NAT the transmission process can be tricky. If you are setting up SSL/TLS you
may have seen "425 data connection could not be opened". While using NAT and using SSL/TLS
you can't use Active FTP; you have to use passive. Passive is a client-side option, but passive
doesn't use ports 20 and 21. To minimize the number of ports open to the internet you will want to
set a custom range of ports. In the "Passive mode settings" menu in the server, check
"Use custom port range:" and set the ports you want to use for passive mode. Make sure you add these
ports to port forwarding on your NAT device (router).
Enable Explicit SSL/TLS
In the SSL/TLS settings menu check "allow Explicit SSL/TLS on
normal connections." I recommend also checking "Force Explicit SSL/TLS" and "Force PROT P
to encrypt data Channel in SSL/TLS mode." This will further enforce encryption policies. If you
only want certain groups or users to have encryption you can set that up in the user or group
editor. If there is data you still want available to the general public, the "Force" setting should be
disabled in the server settings menu, as otherwise you will need an FTP client rather than a web
browser to access the FTP server.
Setting up your FTP server in this way allows you to encrypt your data and login information
without having to get third-party programs. With explicit SSL/TLS you will need an FTP client.
Internet Explorer and Firefox don't support SSL/TLS without special plugins.
Retrieved from /FTPS_using_Explicit_SSL/TLS_howto_%28Server%29

