Microsoft KB Archive/210459

= How to Set Up File Transfer Protocol Server on Same Server as Proxy Server =

Article ID: 210459

Article Last Modified on 12/16/2002

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q210459



SUMMARY
This article describes how to set up Microsoft Proxy Server 2.0 packet filters to enable incoming Internet File Transfer Protocol (FTP) clients to connect to a local FTP server that resides on the same computer as Proxy Server 2.0 (for example, Microsoft Small Business Server).

NOTE: The FTP service is not installed by default on Small Business Server (SBS) 4.5. For information about installing FTP, refer to the following Microsoft Knowledge Base article:

195146 FTP Not Installed by Default in Small Business Server 4.5



MORE INFORMATION
Non-passive mode (or traditional) FTP requires two static filters. One filter is used for the FTP control connection, and the other filter is used for the FTP data connection.

The following table shows the custom filter you need for a non-passive FTP control connection.

To add the control connection custom filter:
 * 1) Click Start, point to Programs, point to Microsoft Proxy Server, and then click Microsoft Management Console.
 * 2) Click the plus sign (+) next to Internet Information Server to expand the list of servers.
 * 3) Click the plus sign (+) next to the name of your server to expand the list of services.
 * 4) Right-click Winsock Proxy, and then click Properties.
 * 5) On the Service tab, click Security.
 * 6) On the Packet Filters tab, click Add.
 * 7) On the Packet Filter properties page, click Custom Filter Radio.
 * 8) In the Protocol ID box, click TCP.
 * 9) In the Direction box, click In.
 * 10) In the Local port section, click Fixed port, and type 21 in the Fixed port text field.
 * 11) In the Remote port section, click Any.
 * 12) In the Local host section, click Default Proxy external IP addresses.
 * 13) In the Remote host section, click Any host, and then click OK.

The following table shows the custom filter you need for a non-passive FTP data connection.

To add the data connection custom filter:
 * 1) On the Packet Filters tab, click Add.
 * 2) On the Packet Filter properties page, click Custom Filter Radio.
 * 3) In the Protocol ID box, click TCP.
 * 4) In the Direction box, click Out.
 * 5) In the Local port section, click Fixed port, and type 20 in the Fixed port text field.
 * 6) In the Remote port section, click Any.
 * 7) In the Local host section, click Default Proxy external IP addresses.
 * 8) In the Remote host section, click Any host, and then click OK.
 * 9) Restart the Proxy Server services if prompted.
 * 10) Stop and restart the Winsock Proxy service if you are not prompted to do so.

The following table shows the additional custom filter you need if you want to use passive-mode FTP.

To add the additional custom filter you need for passive-mode FTP:
 * 1) On the Service tab in Winsock Proxy service properties, click Security.
 * 2) On the Packet Filters tab, click Add.
 * 3) On the Packet Filter properties page, click Custom Filter.
 * 4) In the Protocol ID box, click TCP.
 * 5) In the Direction box, click Both.
 * 6) In the Local port section, click Dynamic port (1025-5000).
 * 7) In the Remote port section, click Any.
 * 8) In the Local host section, click Default Proxy external IP addresses.

NOTE: You can change this setting to reflect the Proxy Server computer's external interface configuration.
 * 1) In the Remote host section, click Any host, and then click OK three times to apply the changes.

When you use non-passive FTP, the client connects to the server making a control channel. For each data operation, the client tells the server how to connect back to it, specifying the parameters for the data connection (data port, transfer mode, representation type, and structure). The server then uses these parameters to make the data channel.

Non-passive FTP communication is the same model for FTP that is specified in the Internet standard draft for FTP (RFC 959) and has been traditionally used on all TCP/IP networks in the past.

Non-passive FTP is required for all FTP service implementations and is the mode of FTP communication that Web Proxy service uses in Microsoft Proxy Server versions 1.0 and 2.0 by default.

Passive FTP differs from non-passive FTP in that the client is responsible for making all connections with server, including the initial connecting request and subsequent data channel connections.

