||SurgeFTP - Brilliant, standards compliant, FTP server|
If you do not get the login username/Password prompt, in IE, go to Menu ->Tools , Security, click Internet Icon, click "Custom level" and scroll to bottom of the list, find User Authentication - Logon - Choose "Prompt for user name and password", click on OK, and OK on all other windows you just opened.
On NT, type in: net start SurgeFTP
On 95/98, type in: \windows\surgeftp.exe
On Unix, /usr/local/surgeftp/surgeftp_start.sh
Unfortunately, there is currently no way to start it remotely. You can run it in "stopped mode" where it does not accept FTP connections, but where you can continue to use the manager.
If you are accessing the web admin tool over the internet you should use the https://your.ftp.server:9021 port as it is secure for the admin password to be accessed. Ideally you should disable the http:7021 port from IPs other than 127.0.0.1, and change the 9021 port to something only you know of.
Web admin tool allows complete control of the SurgeFTP configuration. As such it could easily be used to gain access to anything on the file system, and
thus it could be used to take control of a
server. This is not a security
fault as such as it is
intended to have this ability so it can fully configure surgeftp. But you
should be aware of this and take
Create a DOS/SHELL window and type in:
(See note above, consider setting GLOBAL_ADMINIP)
In the web manager, click on 'Register' at the top.
This is a bug in Netscape. It steals all the CPU while waiting for a web page to arrive, but since the server is on the same system that means it responds slowly. You can fix it in task manager:- set the priority for netscape down to 'below normal' and suddenly it will work properly!
The number of concurrent users is Operating System dependent, and basically a matter of how many threads and file handles the operating system supports, without running too low. Here are the approximate figures...
you install SurgeFTP, it allows normal user access to
their home directory, defined by the system user
This is needed if you need to configure SurgeFTP to run as a particular user to access a network drive etc.
evaluation version of WS_FTP Pro is limited to 40 bit
encryption, and is unable to negotiate a common cipher
with SurgeFTP. This problem does not occur with the
registered version of WS_FTP Pro. FTP Connections
without SSL/TLS will work correctly.
When SSL is used your smart router / NAT fire wall which tries to 'spy' on the ftp protocol and automatically modify the pasv command and automatically create peep holes for the ftp DATA channels will fail, because you can't spy on SSL traffic (that's the whole idea of encryption, to make spying impossible :-)
If possible turn off 'smart ftp' features in your NAT/Router.
Create a 'class' in your surgeftp settings and setup manually the passive settings to be correct for outside your firewall:
Then in your NAT firewall, which in this case must have an external IP address of 126.96.36.199, you map the incoming ports '4021...4031' to your ftp server, ports 4021...4031
Then as long as you do transfers in passive mode it will work.
There is a general problem with the FTP protocol and firewalls, and that is FTP requires connections from the client to the server (passive mode) or from the server to the client (active mode), these are in addition to the 'control' connection. These extra connections are used to transfer the data or directory listing. The purpose of a firewall is to block all 'extra' ports, and so a firewall often stops this occuring. But don't panic, it can be fixed in most cases :-)
Here is what you must do/permit.
Check that your server can connect to any port on any machine outside your firewall. Use 'telnet' to test this, from your surgeftp server type in "telnet netwinsite.com 7110". You should get a single line response, if you don't then modify your firewall so it permits all outgoing connections from your ftp server and test again.
Second, to fix passive mode ftp you need to map some ports from your NAT box to your ftp server, typically you will map a block of 10 ports lets say from port 4021 to 4031, these should map from your external address to the same ports on your ftp server.
Then once you have that mapping configured in
your NAT router, then tell surgeftp about this mapping
with a class setting like this, lets assume your
EXTERNAL ip address is 188.8.131.52 and you mapped ports
class type="real" from="10.0.0.1" users="" groups="" name="" class_name="" passive_ipnumber "184.108.40.206" passive_port "4021" passive_port_max "4031" ...