As one of the oldest services on the Internet, FTP has played, and still plays, an irreplaceable role. In enterprises, FTP is usually used to share large files, and because it hides the differences between operating systems, it is particularly useful for sharing files between hosts running different operating systems.
1. How the FTP server works
The FTP protocol has two working modes: PORT mode and PASV mode, that is, active mode and passive mode. The PORT (active) connection process is: the client sends a connection request to the server's FTP port (21 by default), and the server accepts the connection and establishes a command link. When data needs to be transmitted, the server sends a connection request from port 20 to an idle port on the client to establish a data link. The PASV (passive) connection process is: the client sends a connection request to the server's FTP port (21 by default), and the server accepts the connection and establishes a command link. When data needs to be transmitted, the client sends a connection request to an idle port on the server to establish a data link.
You can log in to an FTP server in two ways: anonymously, or with an authorized account and password. Anonymous users can generally only download files from the FTP server, and the transfer speed is relatively slow; this is something that is configured on the FTP server. Such users should be restricted: do not grant them excessive permissions, and keep their bandwidth as small as possible. To log in with an authorized account and password, the user must be given the account and password by the administrator. The administrator can configure these accounts, for example which resources they can access and their download and upload speeds. These accounts should also be limited, with permissions kept as low as possible. Unless it is absolutely necessary, do not give an account administrator permissions.
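The two modes described above differ in which side must accept an inbound data connection, and that decides where a firewall rule is needed. The following Python sketch is an added example, not part of the original article: it decodes the `h1,h2,h3,h4,p1,p2` tuple carried by a `PORT` command or a `227` passive-mode reply (port = p1 × 256 + p2) and reports who initiates the data link. The client address 192.168.112.50 and both sample lines are constructed.

```python
import ipaddress
import re

# Six comma-separated decimal fields: four address bytes, two port bytes.
_TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                    r"(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def _endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field larger than 255 in %r" % text)
    host = str(ipaddress.IPv4Address(".".join(str(n) for n in nums[:4])))
    return host, nums[4] * 256 + nums[5]

def data_connection(line):
    """Return who opens the data link and which endpoint must accept it."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        host, port = _endpoint(line[5:])
        # Active mode: the server connects from port 20 to the client's listener.
        return {"mode": "PORT", "initiator": "server", "listener": (host, port),
                "firewall": "client side must allow inbound TCP %d" % port}
    if line.startswith("227"):
        host, port = _endpoint(line[3:])
        # Passive mode: the client connects to the port the server just opened.
        return {"mode": "PASV", "initiator": "client", "listener": (host, port),
                "firewall": "server side must allow inbound TCP %d" % port}
    raise ValueError("not a PORT command or a 227 reply: %r" % line)

# Constructed control-channel lines (client 192.168.112.50 is an assumption).
SAMPLES = [
    "PORT 192,168,112,50,19,137",
    "227 Entering Passive Mode (192,168,112,128,195,80).",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(data_connection(sample))
```
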
2. Use WINDOWS component IIS to build FTP server
When setting up an FTP website, if it is just a service for sharing files without other special requirements, it can be completed through the IIS component of the Windows XP/2000/2003 operating system. Let’s briefly explain it below:
1. To install IIS, go to "Start" -> "Settings" -> "Control Panel" -> "Add/Remove Programs", open the "Add/Remove Programs" dialog box, and select "Add/Remove Windows Components". The dialog shown in Figure 1 appears.
Figure 1
2. Select "Internet Information Services (IIS)" and view its detailed information, as shown in Figure 2
Figure 2
3. After selecting the "File Transfer Protocol (FTP) Server" item in Figure 2, click OK, and then follow the wizard until the installation is completed.
4. Open "Start" -> "Programs" -> "Administrative Tools" -> "Internet Information Services" and open the IIS console. As shown in Figure 3
Figure 3
5. Click "Default FTP Site", select "Properties" in the right-click shortcut menu, and open the "Default FTP Site Properties" dialog box, as shown in Figure 4
Figure 4
6. In the "FTP Site" tab, change the "Description" to something easily identifiable, such as Ah Jiu's FTP site, and change the IP address to one of the current host's IP addresses (relevant when the host has multiple IP addresses). For example, this machine is set to the private address "192.168.112.128", and the "TCP port" is the default FTP port "21". As shown in Figure 5
Figure 5
7. Select "Allow anonymous connections" in "Security Account". If authentication is required when the client logs in, you can select the Windows user of the server through "Browse". As shown in Figure 6 and Figure 7
Figure 6
Figure 7
8. Add the login welcome message and exit message of the FTP server in the "Message" tab, as shown in Figure 8
Figure 8
9. In the "Home Directory" tab, select the home directory from which the FTP server provides its service. You can select "Directory on this computer" and choose it by browsing, or select "Shared location on another computer", in which case the home directory is located on another host and the format is "\\{server}\{share name}". Under "FTP Site Directory", use "Read", "Write" and "Log visits" to configure the permissions of the FTP site. Here, for security reasons, we assign "Read" but not "Write" to the anonymous user, as shown in Figure 9
Figure 9
10. Assign the access control permissions of the FTP server in the "Directory Security" tab. Here you can grant access to the FTP server to users from certain IP addresses or deny access to users from certain IP addresses. Note that when "Authorize access" is selected, the IP addresses in the table below it are denied; when "Deny access" is selected, users with the IP addresses in the table below it are authorized. As shown in Figure 10
Figure 10
11. At this point, the FTP server has been set up successfully.
3. Test the FTP server
1. Open "Start" -> "Programs" -> "Accessories" -> "Command Prompt" and enter "FTP 192.168.112.128" at the cursor, as shown in Figure 11
Figure 11
2. Enter the anonymous account anonymous, and the password is your email address, as shown in Figure 12
Figure 12
3. At this time, you can operate the FTP server through FTP commands, as shown in Figure 13
Figure 13
4. You can also verify or access the FTP service through IE: enter "ftp://192.168.112.128/" in the address bar of IE, as shown in Figure 14
Figure 15
5. In addition, it can also be accessed through some FTP client software, such as FLASHFTP, CUTEFTP, etc.
4. Virtual directory and multi-site configuration
1. When configuring FTP, we often need one host to provide multiple FTP sites. This is done by setting up multiple sites: create a new site and follow the New Site Wizard step by step until it is finished. As shown in Figure 16
Figure 16
2. The sites can be distinguished by different IP addresses on the same host, or by the same IP address with different port numbers. As shown in Figure 17, we use port 2121 to build the second FTP site.
Figure 17
3. When configuring FTP, we often need to share multiple directories that have different paths. This can be done with a virtual directory: create a new virtual directory as shown in Figure 16 and complete the New Virtual Directory Wizard. A virtual directory is a way of linking to another directory through a folder in the home directory. The content of this folder does not actually exist in the home directory; it is stored in the other directory. As shown in Figure 18 and Figure 19
Figure 18
Figure 19
4. Note that you need to create a folder with the same name as the virtual directory under the home directory that serves the FTP site (here F: 1 virtual emulation); otherwise the virtual directory cannot provide FTP sharing services. As shown in Figure 20
Figure 20
Figure 21
5. Discussion on the security of building FTP server on IIS
For FTP servers built through IIS, whether the server is accessed anonymously or with an authorized account and password, the account and password used for FTP authentication travel over the network in plain text, so any host running packet-capture software can intercept the account and password used to log in to the FTP server. Its security therefore needs to be strengthened by other means.
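One way to check for the exposure described above, as an added example that is not part of the original article: the Python function below reads a control-channel log and flags every `PASS` command sent before the server accepted `AUTH TLS` with reply 234 (the explicit FTP-over-TLS negotiation from RFC 4217). The "C:"/"S:" log format, the account name and all sample sessions are constructed for this example.

```python
def audit_control_channel(lines):
    """Flag PASS commands sent before the server accepted AUTH TLS (reply 234).

    Records are "C: <command>" (client) or "S: <reply>" (server), as found in
    a client or server debug log. Password values are never copied out.
    """
    findings = []
    pending_auth = False   # client asked for TLS, server has not answered yet
    tls_active = False     # server answered AUTH with 234
    user = None
    for number, raw in enumerate(lines, start=1):
        side, _, text = raw.partition(": ")
        text = text.strip()
        if side == "S":
            if pending_auth and text.startswith("234"):
                tls_active = True
            pending_auth = False
            continue
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
            pending_auth = True
        elif verb == "USER":
            user = arg.strip()
        elif verb == "PASS" and not tls_active:
            # Anonymous logins carry no secret, so they are reported as "info".
            anonymous = (user or "").lower() in ("anonymous", "ftp")
            findings.append({"line": number, "user": user,
                             "severity": "info" if anonymous else "high",
                             "issue": "PASS sent in cleartext"})
    return findings

# Constructed sessions; the account name and reply texts are made up.
PLAIN = ["S: 220 FTP service ready", "C: USER alice",
         "S: 331 Password required for alice.", "C: PASS <redacted>",
         "S: 230 User logged in."]
PROTECTED = ["S: 220 FTP service ready", "C: AUTH TLS",
             "S: 234 AUTH command ok, starting TLS"] + PLAIN[1:]
REFUSED = ["S: 220 FTP service ready", "C: AUTH TLS",
           "S: 500 'AUTH TLS': command not understood"] + PLAIN[1:]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("protected", PROTECTED),
                          ("refused", REFUSED)):
        print(name, audit_control_channel(session))
```
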
6. Summary
When building an FTP server through IIS, you need to pay attention to the format of its hard disk. If the disk is in NTFS format, you also need to set the directory as a share or give the FTP client's account access rights to this folder. If it is in FAT32 format, the server can be built by the method above. To protect the accounts on the FTP server, it is also necessary to strengthen authentication through SSL encryption and other means to prevent the accounts from being intercepted by others.