How to Set Up File Transfer Protocol Server on Same Server as Proxy Server (210459)


The information in this article applies to:

  • Microsoft Proxy Server 2.0
This article was previously published under Q210459

SUMMARY

This article describes how to set up Microsoft Proxy Server 2.0 packet filters to enable incoming Internet File Transfer Protocol (FTP) clients to connect to a local FTP server that resides on the same computer as Proxy Server 2.0 (for example, Microsoft Small Business Server).

NOTE: The FTP service is not installed by default on Small Business Server (SBS) 4.5. For information about installing FTP, refer to the following Microsoft Knowledge Base article:

195146 FTP Not Installed by Default in Small Business Server 4.5

MORE INFORMATION

Non-passive mode (or traditional) FTP requires two static filters. One filter is used for the FTP control connection, and the other filter is used for the FTP data connection.

The following table shows the custom filter you need for a non-passive FTP control connection.

Protocol ID=TCPDirection=IN
Local Port=Fixed, 21Remote Port=Any
Local Host=Default Proxy External IP AddressesRemote Host=Any Host

To add the control connection custom filter:
  1. Click Start, point to Programs, point to Microsoft Proxy Server, and then click Microsoft Management Console.
  2. Click the plus sign (+) next to Internet Information Server to expand the list of servers.
  3. Click the plus sign (+) next to the name of your server to expand the list of services.
  4. Right-click Winsock Proxy, and then click Properties.
  5. On the Service tab, click Security.
  6. On the Packet Filters tab, click Add.
  7. On the Packet Filter properties page, click Custom Filter Radio.
  8. In the Protocol ID box, click TCP.
  9. In the Direction box, click In.
  10. In the Local port section, click Fixed port, and type 21 in the Fixed port text field.
  11. In the Remote port section, click Any.
  12. In the Local host section, click Default Proxy external IP addresses.
  13. In the Remote host section, click Any host, and then click OK.
The following table shows the custom filter you need for a non-passive FTP data connection.

Protocol ID=TCPDirection=BOTH
Local Port=Fixed, 20Remote Port=Any
Local Host=Default Proxy External IP AddressesRemote Host=Any Host

To add the data connection custom filter:
  1. On the Packet Filters tab, click Add.
  2. On the Packet Filter properties page, click Custom Filter Radio.
  3. In the Protocol ID box, click TCP.
  4. In the Direction box, click Out.
  5. In the Local port section, click Fixed port, and type 20 in the Fixed port text field.
  6. In the Remote port section, click Any.
  7. In the Local host section, click Default Proxy external IP addresses.
  8. In the Remote host section, click Any host, and then click OK.
  9. Restart the Proxy Server services if prompted.
  10. Stop and restart the Winsock Proxy service if you are not prompted to do so.
The following table shows the additional custom filter you need if you want to use passive-mode FTP.

Protocol ID=TCPDirection=BOTH
Local Port=Dynamic, 1025-5000Remote Port=Any
Local Host=Default (or refer to the note in step 8 below)Remote Host=Any Host

To add the additional custom filter you need for passive-mode FTP:
  1. On the Service tab in Winsock Proxy service properties, click Security.
  2. On the Packet Filters tab, click Add.
  3. On the Packet Filter properties page, click Custom Filter.
  4. In the Protocol ID box, click TCP.
  5. In the Direction box, click Both.
  6. In the Local port section, click Dynamic port (1025-5000).
  7. In the Remote port section, click Any.
  8. In the Local host section, click Default Proxy external IP addresses.

    NOTE: You can change this setting to reflect the Proxy Server computer's external interface configuration.
  9. In the Remote host section, click Any host, and then click OK three times to apply the changes.
When you use non-passive FTP, the client connects to the server making a control channel. For each data operation, the client tells the server how to connect back to it, specifying the parameters for the data connection (data port, transfer mode, representation type, and structure). The server then uses these parameters to make the data channel.

Non-passive FTP communication is the same model for FTP that is specified in the Internet standard draft for FTP (RFC 959) and has been traditionally used on all TCP/IP networks in the past.

Non-passive FTP is required for all FTP service implementations and is the mode of FTP communication that Web Proxy service uses in Microsoft Proxy Server versions 1.0 and 2.0 by default.

Passive FTP differs from non-passive FTP in that the client is responsible for making all connections with server, including the initial connecting request and subsequent data channel connections.

REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

174785 Packet Filter Driver Blocks All Non-Proxy Requests

174922 Proxy Server 2.0 Release Notes

Modification Type:MajorLast Reviewed:12/16/2002
Keywords:kbenv kbinfo kbnetwork KB210459 kbAudDeveloper
©2002 Microsoft Corporation. All rights reserved.