Setting up a simple Windows FTP server using FileZilla

Leave a Comment / General, Windows / By / / Computers, DIY-Tech, HowTo, Windows
0
(0)

Lets look at setting up a simple Windows FTP server that will allow you to transfer files to and from it over the internet or local LAN network.

Windows FTP server FileZilla

What is a FTP Server ?

An FTP server, standing for File Transfer Protocol server, is a program that runs on a computer and allows other computers to transfer files to and from it. These transfers can happen over the internet or any other network that uses TCP/IP.

For instance FTP servers are especially useful for website server owners who need to upload files to their web hosting company, or for companies that need to exchange large files with each other.

It is also popular to use FTP on NAS or Network Attached Storage servers to allow for files to be accessed remotely In addition to other server rolls

FileZilla is a free and popular FTP client that you can use to connect to FTP servers. An FTP client is a program that runs on your computer and allows you to browse, upload, download, delete, rename, move and copy files on the remote server.

Think of it like a file explorer program, but for files stored on a remote server instead of your own computer. FileZilla is available for Windows, Mac, and Linux. There is also a FileZilla Server, which is a free FTP server program that you can install on your own computer.

Disclaimer: Filezilla makes it easy to implement a FTP server however lacks some security features such as SFTP, Filezilla only supports the FTP and FTP over TLS protocols as of this articles writing.

For a production type server maybe consider a Linux Alternative such as ProFTPD that does support SFTP

Why make use of an FTP server ?

Using FTP server has some advantages for transferring files across networks securely however care should be taken to set the FTP server up correctly.

Here are some of the advantages of using FTP servers

Efficient Large File Transfers:

FTP excels at transferring large files. Unlike email, which has file size limitations and can be interrupted during transfers, FTP servers allow for stable and reliable transfers of big files. This is crucial for businesses that deal with large datasets or media files.

Straightforward File Management using FTP:

FTP offers a well-established way to manage files on a remote server. Using an FTP client, you can easily browse directories, upload and download files, rename them, and even manage permissions for who can access the files. It provides a familiar file management interface for users.

Security (with encryption):

While basic FTP itself doesn’t encrypt data transfer, secure versions like FTPS and SFTP do. This ensures that sensitive information is protected while being uploaded or downloaded from the server. FTP servers can also be used to control access to files and folders allowing clients that use the server to only access what they are allowed.

Works Offline (partially):

While an active internet connection is needed to connect to the server initially, some FTP clients allow you to queue up files for transfer even when offline. The transfers will then be initiated automatically when you reconnect to the internet.

Wide Compatibility:

Furthermore FTP is a mature protocol that’s been around for a long time. This means it’s compatible with a wide range of devices and operating systems, making it a reliable choice for file transfers across different platforms.

Most if not all Web server hosting providers make use of FTP to upload websites and files to domains.

Thus, it is essential for web developers to become familiar with using and understanding at least the basics of using an FTP client.

Continue Transfers In Case Of Disconnections:

Most FTP servers allow for download and upload resume in the event that you got disconnected from the server while moving files. this is very handy especially when uploading large amounts of files. FTP client software will manage the upload and download for you.

However note that the server will have to implement this feature for it to work…

Breaking down FTP Server Security Quickly

Most importantly, FTP servers make use of additional security layers to help keep file transport safer and more secure, Lets look at some of the protocols used by FTP.

1. Functionality:

  • TLS (Transport Layer Security): This is not a file transfer protocol itself, but a security protocol that encrypts communication between two applications. It’s used in various protocols like HTTPS and FTPS.
  • FTP (File Transfer Protocol): This is the foundation for transferring files between computers. It doesn’t provide any encryption for the data being transferred by itself.
  • SFTP (SSH File Transfer Protocol): This is a secure file transfer protocol built on top of SSH (Secure Shell). It encrypts both data and commands during transfer, offering a secure alternative to FTP. Filezilla does not make use of SFTP at this time, Its mostly used on Linux Servers.

2. Security:

  • TLS: Provides encryption for the data stream, protecting it from eavesdropping or tampering during transfer.
  • FTP (basic): No encryption. Usernames, passwords, and file contents can be intercepted if not used with a secure version like FTPS.
  • SFTP: Encrypts both data and commands, making it more secure than FTPS.

3. Connection Management:

  • TLS: Can be used with various protocols, often requiring separate channels for commands and data transfer.
  • FTP: Uses separate control and data channels, which can be a challenge for firewalls.
  • SFTP: Uses a single SSH channel for both commands and data, simplifying firewall configurations.

4. Other Security Protocols for FTP:

  • FTPS (FTP over TLS/SSL): This adds a layer of TLS encryption on top of the standard FTP protocol, securing data transfer.
  • Implicit vs Explicit FTPS: There are two ways FTPS implements TLS – implicit (default port 990) and explicit (standard FTP port 21 with negotiation for TLS).

Lets Start setting up a Windows FTP Server

Firstly, you will need a Computer running Windows 10 or Windows 11 but also note that Linux can be used as well with other FTP software which is overall more secure.

Secondly, you will need a Static or Public IP. This IP is assigned from your ISP or Internet Service Provider.

Unfortunately many Internet Service Providers will not allow you to host home servers unless it is a business line and might charge you additional fees for allowing hosting capabilities. Moreover Its best to check with your ISP beforehand if you qualify and if they can provide you with a Static IP address…

Thirdly, you will need your computer to be setup on the network and have internet access.

1. Download Filezilla FTP Server and Client packages

In addition start by downloading the latest Filezilla server software, head on over to https://filezilla-project.org/ and download both the server and client software packages.

Next up install Filezilla Server on your Windows Computer. The installation is pretty straight forward and takes a few minutes.

Filezilla FTP Server setup

Insure that you install both the Server and the Administrative Interface. The Administrative interface will be used to configure the FTP server back-end later.

Filezilla Server Installer

Its a good idea to install the server as a service, But you can also select the option to manually start it when you need it. Depending on your requirements for the FTP server.

Filezilla Admin interface Port

Make sure to set a password for your Administrative Panel. This will be used later to connect the Admin Panel App to the FileZilla FTP server service running in the background to allow you to set it all up.

Filezilla Startup Settings

Select how you want the FTP server to start. usually you can leave this as default.

Pro Tip: On Windows for instance, you can use netplwiz to setup automatic login for a user so that when the PC starts up it will automatically login to an account which will then start the FTP server.

2. Setting up the FTP Server and settings

Filezilla Administrative Interface

After the Filezilla server is installed it will open the Administrative Interface, we need to connect to the Filezilla Server service that is running in order to configure it correctly.

After launching FileZilla, click on Connect to Server. It will as you to provide the password you set earlier and the port. which by default is : 14148

Note: That these settings are not used by other users, its only to connect the Admin interface to the FileZilla service.

Furthermore you can choose to save the password and also select to connect to the server by default on startup (When the Admin Interface app) is opened in future.

Upon connecting you should see the following console output in the Administrative panel. We will now move to configure the FTP server for use.

At the top under the Server menu entry select the configure option.

There are a few things we will need to change and implement in order for the Server to work correctly. Server Listeners are IP Addresses on which the FTP server will listen for connections. By default Filezilla will bind to all network interfaces that you have and listen on Port 21 by default.

Notice the Protocol option here. The default option is set to Explicit FTP over TLS and Insecure Plain FTP. This will work for basic setups but is not very secure. Instead we are going to change this to use Require Explicit FTP over TLS.

Next up select the Protocol Settings option on the left.

FileZilla Protocol Settings

Auto ban is useful for when bots try to beak into your server by spamming login credentials. Luckily here we can setup some form of security to mitigate this.

3. Passive vs Active FTP Connections

FTP servers make use of two different connections, Active and Passive.

What is the difference between Active and Passive modes ?

  • Traditional (Active Mode):
    By default, FTP uses active mode. In this mode, the client initiates a connection to the server’s control port (usually port 21). Then, the client tells the server which port on the client’s machine the server should connect to for data transfer. The problem arises if the client’s network has a firewall blocking incoming connections on random ports. The server’s attempt to connect back to the client might be blocked.
  • Passive Mode:
    To address this firewall issue, passive mode flips the connection initiation process. The client initiates a connection to the server’s control port as usual. But instead of telling the server a port to connect to, the client uses the PASV command. This prompts the server to listen on a random high-numbered port on its own machine and tell the client that port number. The client can then initiate a data connection to that specific port on the server, bypassing any firewall restrictions on the client-side.

In summery, passive mode allows the client to control the data connection initiation, ensuring it can connect to a port allowed by the client’s firewall. This makes passive mode the preferred option for most FTP transfers today.

Setting up Passive mode

Filezilla passive mode setup

Passive mode will require you to enter your static (public) IP address so it can route connections and traffic to the passive ports and routes.

Replace <YOUR STATIC IP HERE> with your own Static IP address that you got from your ISP (Internet Service Provider)

Usually I prefer to set the passive ports manually, starting from 61000 to 62000, just make sure you also forward these ports in your router on UDP as well as port 21 to allow outside traffic to actually access the server.

4. Setting up Users for FTP Server Access

It is time to setup users that will be allowed to use the FTP server. navigate to the Users option

Filezilla System users settings

By default, Filezilla will provide the option to give users that is on the windows PC access to their Home directory (indicated by the variable %<home>) such as Documents, Music, Pictures and so on.

While is can easily be enabled by checking the “User is Enabled” options what happens when you do not have a windows user account for each user you want to give access.

Adding a user account that is not part of Windows is fairly simple. On a hard drive create a folder and call it FTP followed by a user name. For example John Doe. In this example I will use the following directory: “C:\FTP\JohnDoe”

Adding additional User accounts

Next, in FileZilla’s Users settings section click on Add then provide the user name in the list under Available Users.

  1. Change the new User to the actual Account name, in my example its JohnDoe
  2. Check User is enabled option. To enable the users account.
  3. Use the dropdown and set it to Require a password to log in.
  4. Enter a good strong password
  5. Setting up a mount point. This will act like the virtual users home directory. Notice the slash “/” in front of the JohnDoe path.
Filezilla Users settings

Make sure the path exists and that you give it Read and Write permissions else this user wont be able to upload any files. If you change permissions to read only the user will only be able to read and download files. Useful for when you give them access to directories you do not want them to alter.

Add more directories as you with, just remember that the virtual path must start with a slash “/” and then the name of the directory. The virtual path name maps to the path of the folder on your system and can be different but must be unique. When done hit apply to save the changes.

At this point you should have a basic functional FTP server. We will test it next to see if we can connect to it.

5. Connecting to the Filezilla FTP server

Proceed by installing the Filezilla Client on a different Windows computer. The installation for the Filezilla client is straight forward with a few things to look out for.

Firstly. when asked to install 3rd party bundles app’s decline the offer. We only want the Filezilla client to install.

Secondly, when asked which user to install it for the default option should work perfectly well change only if you need too.

After installing the client open Filezilla and at the top provide your Servers Host IP address, the username and password and the FTP servers port.

Filezilla Client Quick connect

I am using my Local LAN IP for the server to test if the server is working correctly before I open it up to the internet.

When connecting we will be prompted to accept a Self Signed SSL certificate to enable TLS encryption which looks something like this.

Self Signed SSL certificate for TLS

Generally a self signed SSL certificate is fine if you intend to use this FTP server privately but it would be better to set up an actual SSL certificate through a trusted provider. This falls outside of the scope provided in this simple tutorial. The output we are looking for after connecting to the server is a follows.

Filezilla client connection to FTP server

Notice the output on the console and verification that we are indeed connected using TLS encryption.

Furthermore, you should see the user’s folder (Remote Site) on the right and your PC (Local Site) on the left…

6. Transferring Files To and From the FTP Server

Transferring files is fairly simple. you drag and drop folders and files from one panel to another. On the left is your computers files and folders that you are connecting from and on the right is the FTP servers remote files and folders.

For instance, If you want to download a file or folder from the FTP server, select it in the right (Remote Site) Panel then drag it to the left (Local Site) Panel.

To upload files and folders to the FTP server, select the file or folder in the Panel on the left then drag it to the desired folder on the right to send it to the FTP server.

FileZilla File transfer

Multiple Files and Folders can be queued up at the same time and Filezilla will by default process 2 at a time. You can change this behavior in the clients settings.

Your server will also display information in the Administrative Interface on which clients are connected. Which files are being transferred together with transfer speeds and remote IP information. This can be used to kick and even ban some bad actors. For more advanced administration check the Filezilla wiki here

FTP server console output

7. FTP Server Port Forwarding

Before users from the internet can access your FTP Server you will need to forward the ports associated with the FTP server. By default, FileZilla uses two main ports for transfers:

  1. Control Port (default 21):
    This port is used for initial connection and commands between the client and server. Most FTP servers will by default use port 21 TCP
  2. Data Port Or Passive Port (variable 49152-65535 Default):
    This port is used for transferring the actual files. By default, FileZilla uses passive mode, which requires a range of ports for data connections.

You can keep the default (21) or choose a different unused port number (generally above 1024).

As for the Data Port (Also known as passive ports) It’s recommended to define a range of ports for passive mode. Common choices are 49152-65535 or a similar high-numbered range.

In this tutorial we assigned the ports to 61000 – 62000

Forward Ports on Your Router:

  • Access your router’s configuration interface (usually by typing its IP address in a web browser).
  • Locate the port forwarding section. Consult your router’s manual if needed.
  • Create two forwarding rules:
    • One rule to forward the chosen control port (e.g., 21 TCP or your chosen number) to the internal IP address of the computer running FileZilla Server.
    • Another rule to forward the entire data port range (e.g., 61000-62000 TCP) to the same internal IP of your server.

What about Port 990 ?

Port 990 is primarily used for the FTPS (File Transfer Protocol Secure) protocol, specifically the control connection. FTPS provides a secure way to transfer files over a network by encrypting the communication between the client and server.

In addition, FileZilla can use port 990, but it depends on the specific FTPS (File Transfer Protocol Secure) mode you’re using:

  • Explicit FTPS (Recommended):
  • In this mode, FileZilla does not typically use port 990 by default. It uses port 21 for the initial connection and control channel, similar to standard FTP. Then, a separate port range is used for data transfer.
  • Implicit FTPS (Deprecated Not Recommended):
  • This mode is less secure and not recommended by FileZilla. If you specifically configure FileZilla for Implicit FTPS, then it would use port 990 for both the control channel and data transfer.

Thus for security reasons, it’s generally recommended to use Explicit FTPS (port 21) over Implicit FTPS (port 990).

You can get more information on port forwarding here

Conclusion

While its easy enough to setup a private FTP server using software like Filezilla, there are a few things to take into consideration.

Security is at the forefront of any server you intend to allow outside internet traffic to access. Filezilla lacks SFTP so for instance it might be better to run a Linux Server.

Using a trusted SSL certificate is highly advised. Filezilla offers support for Lets Encrypt so check that out if you want a better cert then a self signed one.

Over all consider maybe rending a server from a host provider and have a professional team deal with the security instead. But for fun, setting up a quick and simple FTP server on windows can be a good way to learn a little about web transfer technologies.

Check out our article on Setting up a simple Apache web server on Linux Ubuntu that can be used in conjunction with FTP servers.

How useful was this post?

Click on a star to rate it!

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top