Main

Home What's New Release Notes Screen Shots System Reqs Download Purchase Contact

Support

The Forum FAQ

Resellers

Affiliate Program

Extras

Press Release PAD File RFC959 RFC1123

RSS Feed

Visitor

Cerberus FTP Server FAQ

Up to Table of Contents
Backward to Installation	Forward to General Questions

3. Initial Setup

Q1: Why can't I assign a directory to the root directory?

You are not operating in Simple Virtual Director mode.

The virtual directory (VD) system allows the administrator to attach any directory or drive to the root. When a client requests the root directory from the server, the VDs you specify are sent to the client. The client can also navigate to any of the VD directories' subdirectories. The VD system takes care of all path translation.

Security settings can be specified for each virtual directory. All subdirectories under the VD inherit the security settings of the VD.

There are 2 modes that a user account can operate in with respect to the virtual filesystem. The two modes are simple and standard mode.

Simple Virtual Directory mode

When a user account uses simple directory mode, the administrator can only assign one directory to represent the virtual directory for that user. Instead of that directory being seen as a subdirectory off of the root, the virtual directory selected will be the directory the user is placed in when they first log into the server. In other words, the directory selected as the virtual root directory will be the root directory.

Standard Virtual Directory mode

In standard mode, the administrator may add as many directories as virtual directories to a user account as desired. The directories selected will appear as subdirectories off of the root when the designated user logs into the server.

Q2: My IP address begins with 192.168.xxx.xxx. Is there anything special I have to do for people to see my FTP Server on the Internet?

Addresses that begin with 192.168, or 10.0, or 172.16 are called private addresses. These addresses are only used for traffic on your local LAN. To allow people to connect to your server from the Internet, your router has to be configured to forward traffic to the machine running Cerberus FTP Server. This process is called Port Forwarding. While the exact procedure is depended on your router, there are generally three steps that need to be completed to connect to Cerberus from the Internet.

Forward the port Cerberus FTP Server is listening on (the default is 21) to the machine running Cerberus.
Forward the passive ports range from the router to the machine Cerberus FTP Server is listening on. The range is configurable and can be found on the 'Advanced' tab of the Server Manager.

Below is the Advanced tab of the Server Manager. From here you can select the ports that Cerberus will use for passive connections.

Below is an example of port forwarding in a Linksys router. The same passive ports specified in the Advanced tab of the server manager need to be specified here.

The above router is configured to forward requests on port 21 and from ports 11000 through 12000 from outside the local network (usually from the Internet for a home network) to the local machine at IP address 192.168.1.108. Any requests on those ports from the Internet will be forwarded to machine 192.168.1.108.
Enable "Detect WAN IP at Startup" from the 'General' tab of the server manager.

Q3: I am connected to the Internet through a router. How should I configure my router to allow FTP traffic?

After initiating the connection, the client instructs the server whether it desires to establish an "active" or "passive" FTP session. This determines the direction of the secondary "FTP data" connection:

Active FTP

Active FTP was the traditional default generally used by FTP client programs. Active FTP uses a "reverse data channel" that can cause problems when operating behind some older firewalls and NAT routers, though modern products have generally become "FTP aware". By comparison, passive FTP (see next section) has become the favored method of establishing a data coonnection, as it is more firewall and NAT router friendly.

FTP sessions are initiated by an FTP client's connection to port 21 of any FTP server. This establishes the "forward" command and control channel. In active FTP, an FTP client next opens a listening port on its machine, informs the remote FTP server of this port number, and requests the remote FTP server to connect from its port 20 back to the client on the port it has specified. This establishes the "reverse data channel" for transporting data.

Since many firewalls and NAT routers automatically block incoming connections to their protected client machines, the need to establish this second "reverse data channel" can cause trouble. Although passive FTP was created to overcome these problems, many modern firewalls and NAT routers have become "FTP aware". They monitor the outgoing control channel, interpret the client's request to the remote server, and open an incoming port back through the router to the client machine. Active FTP clients can thereby operate behind FTP aware firewalls and NAT routers without trouble.

Passive FTP

Passive FTP protocol was created to overcome the firewall and router problems associated with active FTP's need to establish a reverse data channel back from the server to the client. Passive FTP operates just like active FTP except that both the initial control channel (to the server's default port 21) and the data channel (to a port specified by the server in response to a client PASV command) are initiated by the client and received and accepted by the server. Because passive FTP does not use a "reverse data channel" approach, it is often more friendly to firewalls and NAT routers, though most modern NAT routers are now "FTP aware".

To configure for passive FTP (the preferred method), see Q2: My IP address begins with 192.168.xxx.xxx. Is there anything special I have to do for people to see my FTP Server on the Internet?