Wednesday, September 8, 2010
By: Matthew Doucette
Last Updated 2013-NOV-17.
Bare bones FileZilla FTP Server installation tutorial:
- Download FileZilla FTP Server:
Visit filezilla-project.org and click "Download FileZilla Server (Windows only)" to download the FileZilla FTP Server to your computer.
The install filename is "FileZilla_Server-0_9_41.exe" in my example, and yours should be something close to it.
- Run the install file:
It was "FileZilla_Server-0_9_36.exe " in my example. Double click this to run it.
- Choose "Standard", which should include "FileZilla Server (Service)", "Administration interface", "Start Menu Shortcuts", and "Desktop Icon", but not include "Source Code".
You can change this if you want, but unless you want to dive into source code and programming, leave it as "Standard".
- The default install location of "C:\Program Files\FileZilla Server" (or "C:\Program Files (x86)\FileZilla Server" on 64-bit Windows) is fine
- Choose "Install as service, started with Windows (default)".
If you choose "Install as service, started manually", you will have to go into Windows Services (by running "services.msc") and manually start it. It makes no sense.
If you choose "Do not install as service, start server automatically (not recommended)", this installs it as a program. This is not recommended because:
"Running it as a program is not recommended because it then runs in the context of the logged-on user. So it neither will run when no user is logged on (the state real servers are in most of the time), nor will it run correctly if the logged-on user has restricted permissions. Therefore it's not recommended." - http://forum.filezilla-project.org/viewtopic.php?p=68751#p68751Choose port 14147 (the default). This is the port for the interface to connect to the server. This has nothing to do with FTP ports at all.
Enable "Start Server after setup completes", which should be enabled by default, just so we can get right into it without rebooting the computer or manually starting the service.
- Choose "Start if user logs on, apply to all users (default)", unless you want the server service to only start with the current user, I don’t, or if you want it to start manually, which I don’t recommend. I want the ftp server to be running all the time. It depends on what you want.
Enable "Start Interface after setup completes", to jump right into things.
- Click "Install".
- Click "Close" after install completes.
- A "Connect to Server" dialog box should appear (which will appear every time you boot your PC). This is the "FileZilla Server Interface" (which is how you setup your server). The FileZilla Server itself should already be running, which you can double check by running "services.msc" and finding "FileZilla Server FTP server" in the list, which should have "Status" as "Started" and "Startup Type" as "Automatic", which means it is started right now and will start automatically without having to come back into Windows Services to do it manually.
Leave "Server Address" as 127.0.0.1, that’s your computer.
Leave port as "14147", as we already set it to be that earlier.
Set an administration password if you would like, I recommend it even though I could not connect to my server off site without one (it doesn’t mean someone else can’t).
Enable "Always connect to this server". This, I think, means that you want to connect to the server each boot automatically. I thought previous settings we have already set would already do this. If you know more about this "Always connect to this server" option, please let us know.
- Now the "FileZilla Server (127.0.0.1)" window should be open, this is the "FileZilla Server Interface" (how you setup your server).
- Let’s setup a user:
"Edit" menu, click "Users".
You should be on the "General" page.
Under "Users", click "Add".
Choose a username and group (which I just leave as ""). On newer versions of FileZilla you can leave the default setting for "User should be member of the following group:" to "<none>" in the drop down box. I assume you would have to create a group first for it to appear in this drop down box. So if you want to do a group, go ahead and create one before creating a user.
Enable "Password" and choose a password.
Enable "Force SSL for user login" to make this an FTPS (also known as FTP over SSL, FTP Secure, or FTP-SSL) server. Other settings will actually set the server as FTPS, as this setting merely forces SLL for the user login and does not change whatever the server currently happens to be.
Click on "Shared Folders".
If you do not already have a folder designated to be the location this user has access to, create one. I create an "ftp" folder on my my external hard drive that I use for backing up everything on my system. This setup allows Jason and I to use this external hard drive for backing up files from other computers too, on top of using it to send files.
Under "Shared Folders" (same name), click "Add".
Choose the folder, in my case I choose the "ftp" folder I just spoke of earlier on my external hard drive.
I give full permissions for files and directories (folders): Read, Write, Delete, Append, and Create, Delete, List, Subdirs.
- Let’s setup the server settings:
"Edit" menu, click "Settings".
Go to "Passive mode settings".
Under "IPv4 specific", click "Default", which should already be the default setting...
...however: The FileZilla FAQ says that some firewalls prevent the server from determining its own external IP, and the "Use the following IP" setting must be used instead: You have to type in your computer’s IP, which you can get by visiting whatismyipaddress.com. Please note this setting requires manual updating whenever your IP changes, which is more work. Once, I used this setting and my IP changed but I forgot to update the IP under "Use the following IP" and the result was I was able to login and create folders (I didn't try to upload a file), but I could not get a directory listing, so I could not see what files were on the FTP. As soon as I updated "Use the following IP" to the new proper IP, the FTP worked in all ways. At this point, to avoid this situation again, I tried the "Default" setting and it worked for me, so I left it with this setting and now recommend you try "Default" first. Also, there is a "Retrieve external IP address from" option, which also defaults to using the PHP program at http://ip.filezilla-project.org/ip.php to determine the IP. For me it returned "127.0.0.1", which is not an external IP. It is the localhost IP, which means "this computer", which to you means your computer and to me means my computer. It's an IP that always points to your own computer. You can try that PHP program yourself, manually, but clicking the http://ip.filezilla-project.org/ip.php link. It may try to download a file, and, if so, save the file and open it to see the result. If it's not your external IP, matched by what whatismyipaddress.com gives, then do not use it. If you are a capable computer programmer with your own website, you could code your own program to result in the proper external IP and link FileZilla FTP Server to it instead.
Also enable "Use custom port range" and set it from "5000" to "5100", as recommended in the FileZilla FAQ.
Go to "Logging"
If you don't want to log what's happening, then skip this, but I would recommend it. If you are worry about huge log files, you can set the logs to delete after 30 days or something, which is exactly what I do:
Enable "Enable logging to file".
I leave the "Limit log file size to ___ KB" disabled.
Choose "Use a different logfile each day (example: fzs-2003-02-10.log)", which I choose to easily find the day I am looking for, if and when I need to.
Enable and set "Delete old logfiles after ___ days" to 30 days. This is so if you need to look, the logs are there. But there is no sense is saving all your logs unless you wish to. We do not do anything important enough to care about this. Our FTP only accesses our backup files which are mostly unimportant to everyone and anyone on the Internet.
If you notice, all log files will be saved in the "Logs" subfolder in the FileZilla Server folder. Look there for them!
Go to "SSL/TLS settings".
Enable "Enable FTP over SSL/TLS support (FTPS)".
Notice that the 990 port is now to be used instead of the default 21 port for regular insecure FTP.
Click "Generate new certificate…", you are about to generate your own security certificate!
Fill it all in. We used:
- 1024 bit encryption
- 2-Digit country code = "CA" for Canada
- Yarmouth, Nova Scotia for our location fields
- Organization = "Xona Games, Inc."
- Organization Unit = "Secure Services Division" suggested from "How to Obtain Your Own SSL Certificate"
- Common name (Server address) = use your external IP, the same one you get from visiting whatismyipaddress.com.
- I put down our company contact email address for our email.
Click "Browse…" and choose a place to save the certificate file. I wouldn’t put this in the ftp folder we chose earlier, but maybe close by it. In fact, I have a folder that holds most of my Xona Games stuff, and I have an ftp folder off of that which holds information and files relating to my ftp setup, and I place it there. You may wish to store the page you are reading right now, by saving a bookmark URL file, in the same ftp folder in order to reference it later.
Click "Generate certificate".
Go to "Autoban".
If you don't want to autoban IPs, then skip this step. FileZilla Server states, on this page:
"By default, FileZilla Server throttles incoming connects after some failed login attempts. This makes attempts to break into the server impractical. However, a legitimate user would still be able to logon at any time. If you're feeling paranoid, you can enable an automatic ban upon multiple failed login attempts. Be advised that automatic banning can be abused for denail of service attacks, so use with care."
Basically what this means is you cannot try and retry to login into the server as fast as a computer can do it, like thousands of times per second or something. So that is the built in protection. I just noticed someone from Costa Rica trying to break into our FTP server, over and over again, for about a half hour, so we have implemented the autoban, as follows:
Enable "Enable automatic bans"
Set "Ban IP address after ___ failed attempts within one hour (min. 10)" to 10. This is the minimum value accepted. I wanted it to be 3/day, not 10/hour. I emailed the software developer about this personally to ask why this is the minimum.
Set "Ban for ___ hours (1-999)" to 999 hours, which is 41.6 days or 5.9 weeks or 1.4 months. This is because if we autoban ourselves, accidentally, we can manually unban ourselves quickly. This may be different for you. Chose these values accordingly.
Now press "OK" to the "FileZilla Server Options" window.
- If you are behind a Router, you have to forward the 990 and 5000..5100 ports to your computer’s internal IP.
Find your Internal IP, but going to Windows Run (Windows key + R) and running "cmd", which launches the command prompt. You should see a "C:\" prompt or something similar. Type "ipconfig" and press enter. The value of the "IP Address" (or "IPv4 Address") is your internal IP. If this IP matches the IP shown at whatismyipaddress.com then you are probably not using a router and are connecting directly to the Internet and can skip this step.
If your router asks for both internal and external start and end ports, then enter the ranges for both internal and external. By the way, the range for a single port such as 900 would be 900..900.
Next, forward the port 990 and the ports 5000..5100 to your internal IP. This can be done by logging into your router which is something you will have to look up and research how to do. I can access my router by visiting http://192.168.0.1/, but this may be different for you.
Do not confuse "Port filtering" with "Port forwarding" (also called just "Forwarding"). Port filtering settings will not ask you for the IP to forward to, it will only ask you for the port range. Just a heads up.
- Allow FileZilla FTP Server in your firewall settings. This should already be done in the installation, but check to make sure.
Find and open up Windows Firewall:
Windows XP: Go to "Control Panel", "Security Center", "Windows Firewall".
Windows Vista: If you search "firewall" by pressing the Windows key and typing it out, you should jump right to it.
Add "FileZilla server.exe" by going to "Exceptions" tab, click "Add Program…", click "Browse…" as it will not show up in your list of programs, find "FileZilla server.exe" and add it. It was found in "C:\Program Files\FileZilla Server\FileZilla server.exe" on my Windows XP system.
If you are setting it up for Windows 8 Firewall, follow Setting up FileZilla Server with Windows 8 Firewall on FileZilla Wiki. Be sure to allow the "FileZilla Server" specifically, which is "C:\Program Files (x86)\FileZilla Server\FileZilla server.exe" for me, by using the browse feature. It does not appear in the list normally. What appears in the list is the "FileZilla Server Interface" which is the interface, not the actual server.
If you are setting it up for other Windows Firewalls, see if on Network Configuration on FileZilla Wiki will help.
- Try logging into the server!
Please note that you have a different internal and external IP (if you are connecting indirectly to the Internet via a router or something similar) then you can only connect to your server using your internal IP if you are trying to connect form the same computer. In this case, the external IP will not work from the same computer. And this does not test your firewall settings, it skips the firewall completely. So this does not fully test your FTP server.
P.S. Please send us your feedback and corrections. If you have situations or stories you would like to share, we can append them to this article.
Document also edited by Jason Doucette.
About the Author: I am Matthew Doucette of Xona Games, an award-winning indie game studio that I founded with my twin brother. We make intensified arcade-style retro games. Our business, our games, our technology, and we as competitive gamers have won prestigious awards and received worldwide press. Our business has won $190,000 in contests. Our games have ranked from #1 in Canada to #1 in Japan, have become #1 best sellers in multiple countries, have won game contests, and have held 3 of the top 5 rated spots in Japan of all Xbox LIVE indie games. Our game engines have been awarded for technical excellence. And we, the developers, have placed #1 in competitive gaming competitions -- relating to the games we make. Read about our story, our awards, our games, and view our blog.