How to Create an FTP Site

By Paul Christian Nelis

Where Web servers, using the Hyper Text Transfer Protocol (HTTP), optimize around the myriad small and concurrent requests that characterize a Web page, File Transfer Protocol (FTP) servers optimize around moving very large files as quickly and accurately as possible. Learn how to quickly deploy a FTP site in support of an existing website.

Things You'll Need

  • Internet serverStatic Internet Protocol (IP) addressValid domain nameDomain Name Service (DNS) address recordFTP server softwaredisk space for files

Planning

Step 1

Ensure your Internet server can be used for FTP. If there is a firewall between your users and your FTP server, that firewall will need to permit the file transfer protocol. By default, FTP servers bind (operate using) ports 20 and 21. If the firewall prohibits traffic using these ports, you must either change the firewall rules or configure your FTP server to use non-standard ports. If you are working on an intranet, check with your network administrator for details around their policies. If you are working directly on the Internet, your Internet Service Provider (ISP) may have guidelines or rules you must follow.

Step 2

Plan disk storage space. As the purpose of FTP is larger file transfers, it's helpful to put the files for FTP on disks that are not used for frequent small file access. If your system is constantly struggling to serve FTP file to the Internet and other files elsewhere, there may be limited value in deploying an FTP server. Plan the directory structure for your FTP server in such a way as to segment the FTP files (uploads and downloads) away from files used for other purposes. This will allow you to set security controls on the FTP files without worrying about how and whether those controls are cascaded throughout the directory hierarchy.

Step 3

Obtain a static TCP/IP (IP) address for your FTP server. If your connection to the Internet is a typical consumer connection, the machines on your network probably get a temporary IP address from your provider, and periodically renew it. These temporary addresses are not guaranteed to remain the same over time, and this is not useful for your FTP server. If you FTP server's IP address is constantly changing, it may be difficult for your FTP consumers to locate your server on the Internet. This may be less true on a managed intranet, but only your ISP or your network administrator will be able to tell you for certain.

Step 4

Select a host and domain name to use. Though it is possible to use just your server's IP address as a destination for browser and FTP clients, it's not Internet friendly. Particularly for commercial use, the professional approach is to reference your FTP server by domain name. This article assumes you already have an Internet server, and thereby access to a valid domain name. If your Internet server were named "www.pixabing.org," you might consider naming your FTP server "ftp.pixabing.org." Assuming you have control of the domain pixabing.org, you could select nearly anything you like to add in front of it.

Step 5

Select your FTP server software. Popular consumer operating systems such as Microsoft's Windows NT and Apple's Macintosh OS X include FTP server software, but the versions for workstations are not as capable as those for servers. Server operating system licenses, however, are correspondingly costly. There are shareware and freeware products available for most operating systems as well as open source operating systems, such as Solaris, which include capable, no-cost FTP server software.

Implementation

Step 1

Install and configure your system. Pay particular attention to disabling any protocols and capabilities not necessary for FTP or other core purposes of the server. Programs and protocols that are not necessary for serving files through FTP may be used as back doors for hackers.

Step 2

Deploy your storage architecture. Establish the directory hierarchy from Planning Step 2. Remember to isolate the directories for security purposes, and to be savvy about the physical layout of the disks to avoid drive head contention with other applications on this server.

Step 3

Check your server's IP address. Using a simple "ping" test, ensure your server can be accessed by other systems on its intranet, or across the Internet. From a command line in any common operating system, type "ping" followed by the IP address of your system, e.g. "ping 198.5.160.243". This should result in a positive response from your FTP server. If there is a firewall between your FTP server and the machine on which you're executing the pIng test, the firewall could interfere with the test. Either disable that firewall rule, or select a machine on the same side of the firewall for starting the ping test.

Step 4

Check your server's DNS entry. Because DNS is a global system, it can take a day or more for a change made to DNS records to propigate across the globe. As with the IP test above, use ping again, but substitute your server's DNS name for the IP address. If your server's name was ftp.pixabing.org, you would type "ping ftp.pixabing.org." If you can succeed with an IP ping test, but not with a DNS ping test, then you must troubleshoot the address resolution issue with the DNS entry.

Step 5

Configure your FTP server software. This typically involves selecting the directories that FTP will serve to the community. A typical best practice is to leave one entire directory hierarchy for uploads and a different, parallel hierarchy for downloads. This makes the establishment of security a bit easier, and helps prevent accidental over-writing of the download files. It is also common to establish a false user account (pseudo account) that the FTP server will use for anonymous access to the download files. By establishing a special pseudo account for the FTP server, a savvy administrator can help ensure that users touching the files through FTP have rights to only the files explicitly allowed to that pseudo account.

Tips & Warnings

  • Do your planning before you begin loading.Plan your directories to separate download traffic from upload traffic.Disable anonymous access to your FTP site, where possible.Where anonymous access is required, establish a special pseudo-account for anonymous access to your FTP site.
  • Don't run protocols or capabilities you do not need on any server. Hackers may try to exploit security holes in these other protocols once your FTP server is visible on the Internet