Interface Settings

Configuring Interface Settings

An interface or listener is simply an IP address, port, and protocol combination that the server is accepting connections on. For example, you can add an FTP listener on port 21 and attach it to an IP address. It can be an IPv4 or IPv6 address. The “Default” interfaces represent the settings that will be applied for newly detected interfaces. There are several different parameters that each interface can have:

Interfaces page in the Server Manager

Interfaces page of the Server Manager

Types of Listeners

There are five types of listeners that you can add to an IP address:

The first two allow regular FTP as well as different forms of secure FTP while the SSH2 SFTP listener is for establishing connections over the SFTP protocol (a completely different protocol from FTP, despite the similar name). The HTTP and HTTPS listeners allow web client connections to the server using either the unsecure HTTP protocol or encrypted HTTPS protocol.

There are two types of secure FTP connections possible, FTPS and FTPES. FTPS is usually referred to as implicit FTP with TLS/SSL security. Its closest analog is HTTPS. It is basically the FTP protocol over a TLS/SSL secured connection. This form of secure FTP is deprecated but widely supported and still in use. This is what a Cerberus FTP Server FTPS listener is for and this type of listener typically listens on port 990. Note, the settings “Require Secure Control” and “Require Secure Data” are meaningless for this type of listener. Connections established to an FTPS listener can only be established securely.

FTPES, which is often referred to as explicit FTP with TLS/SSL security, is a modification of the FTP protocol that starts out over an insecure, normal FTP connection and is then upgraded to a secure connection through FTP command extensions during login. This is the preferred method of secure FTP because it allows SPI firewalls to know that there is FTP traffic occurring on the connection. You establish FTPES sessions using a normal Cerberus FTP Server FTP listener, typically over port 21. Both unencrypted FTP and explicit TLS/SSL connections can be established to this type of listener. You cannot establish an implicit FTPS connection over this type of listener.

Adding a New Interface Listener

Cerberus FTP Server supports adding multiple listening interfaces for a given IP address. This allows you to have Cerberus accepting connections from different protocols on multiple ports. The only requirement is that each listener be on a unique IP/port combination. You can add FTP, FTPS (for implicit secure FTP only), SSH2 SFTP, HTTP or HTTPS listeners.

Select the “plus” icon next to the interface list box to add a new interface. A new dialog box will appear to ask for the interface details (interface IP, type, and port combination). Selecting the “X” icon will prompt you to delete the selected interface listener.

Interface Settings

Listen Port This setting is the port that this interface will listen on for connections. For FTP, this is the control connection port.
Max Connections The setting determines the maximum number of simultaneous connections that can connect to this interface listener.
Require Secure Control (Applies to FTP only) If enabled, only secure control connection will be allowed. This is required to protect passwords from compromise on unsecured networks with FTP.
Require Secure Data (Applies to FTP only) If enabled, only secure data connections will be allowed. All directory listings and file transfers will be required to be encrypted.
Don’t Use External IP for Passive connections If this option is checked, Cerberus will always use the internal IP address when the incoming connection originates on the local network.
Passive IP Options
  • Auto Detect – If WAN IP auto detection is enabled then use the WAN IP for the PASV command, otherwise use the interface’s IP.
  • Specify PASV IP – Allows the administrator to specify what IP address is returned in response to a PASV command
  • Use DNS service – Allows use of DNS names like The address specified will be examined at regular intervals and the IP address that represents that DNS name will be used in PASV commands.
Show Welcome Message If checked, the server will send a welcome message during user login for FTP/S, SSH SFTP, and the HTTP/S web client (note, some FTP and SFTP clients won’t display the welcome message).
Allow User Updates (Applies to HTTP/S only) If checked, the user will be allowed to update his or her personal account information (first name, last name, email, or telephone number) through the HTTP/S web client.
Allow Web Account Requests (Applies to HTTP/S only) If checked, users can request new accounts through the HTTP/s web client.
Allow Web Password Resets (Applies to HTTP/S only) If checked, users can request a reset of their password through the HTTP/s web client. Several constraints must be met for the password reset feature to be active for a user account. The user must have an email address configured on their account, and the user must have previously selected and answered two security questions to be associate with their account. Finally, the administrator must have an SMTP server defined for sending emails.
Company Name (Applies to HTTP/S only) The company name to display in the web client page title
Logo Image (Applies to HTTP/S only) The logo image to display in the web client header. This image’s dimensions should be 230 by 70. The image format should be one that is supported by all web browsers. We recommend PNG, GIF, or JPEG
Login Image (Applies to HTTP/S only) The image to display on the web client login page. This image’s dimensions should be 70 by 70. The image format should be one that is supported by all web browsers. We recommend PNG, GIF, or JPEG
Default Web Directory List Count (Applies to HTTP/S only) The default number of entries that appear in the web client file list.
Show Timezone on Dates (Applies to HTTP/S only) Toggles displaying timezone information for files and directories in the web client
Display Local Time (Applies to HTTP/S only) Toggles between displaying server local time or UTC time for files and directories in the web client
Configure CAPTCHA (Applies to HTTP/S only) Configures Google reCapatcha for the web client login and web requests pages.
Redirect requests to HTTP/S listener (Applies to HTTP only) Any requests that come in over this HTTP listener will be redirected to the same address using HTTPS.

The “Default” Interfaces

There is a Default interface for each type of listener (FTP, implicit FTPS, SFTP, HTTP, and HTTPS). When a new interface (IP address) is detected, that interface will receive an FTP, FTPS and SFTP listener and each of those listeners will be assigned the values of the appropriate “Default” interface at the time of detection. For example, If the “Default FTP” interface was defined to be on port 21, then when a new interface is detected for the first time it will receive an FTP listener on port 21 with the values of the Default FTP interface. Those settings then become the settings for the newly detected interface. Note that the new interface’s settings are not linked to the “Default” interface in any way. The “Default” interface simply represents the values that newly detected interfaces will be initialized with. Changing the values of the “Default” interface wouldn’t change any values on existing or previously detected interfaces.

For example, when you first install Cerberus FTP Server, the “Default FTP” interface is set to port 21 (the default FTP listening port) and all interfaces detected during that first start will receive FTP listeners with that port value. If you later change the “Default FTP” interface settings then that change will have no effect on existing interfaces.

It is also worth noting that Cerberus remembers the settings for interfaces that were previously detected but might have changed. For servers that have dynamic addresses that constantly change or cycle between a range of addresses, Cerberus will “remember” the old values and apply those instead of the “Default” settings if that interface address is later detected again.

Un-checking the box next to each Default interface will disable automatic listener activation for that interface type when a new interface is detected.

Interface Status Controls

Interfaces can also be enabled or disabled from the main Cerberus FTP Server user interface:

Checking an interface makes it active and starts a listener for connections on the specified IP and port address. Un-checking the interface disables the listener. Disabled listeners will no longer accept connections.