Win2k server public access to FTP

[dreadbeast]

I just want to start off by saying I'm still fairly new, and am trying to put my posts into the right forums, please take pitty on me if I make mistakes


OK, I set up an FTP server on win 2k server sp4. I have no problem loggin into it locally by typing the subnet address (192.168.0.5) into my IE browser, but my router is the default gateway and has a dynamic IP address. But I'm local, anyone remote, would have to type in something different. I've also allowed all permissions to "everyone" and have the login security set to anyomous, so I think that's ok. In order to allow public access to my FTP server will I need DNS, and because my IP is prone to be changed will I need to forward my IP address? If I was to give my dad, who's half way across the country from me, my ISP IP, and then the computer with the FTP's IP, how should he type it, and would this work? Also, because I have a router as my default gateway, I'm worried that this poses a new set of problems. I'm not looking for everything to be perfect, I just want public access to this, I'll perfect it from there. Thanks for your time and expertise.

Respectfully,
Dreadbeast





How can I defend something that's simply not there?

[sec_ware]

first point:
you need kind of "static DNS for dynamical IP". Check [1], [2],[3] and [4].
Alternatively, your dad could call you and you tell him the actual IP number.
Or you publish it somewhere on the web, where he can read it.

second point:
make sure that your router forwards the incoming traffic on port 21 to the
correct host (192.168.0.5 ?). Eg in the SUA settings for simpler modes.
also check your firewall/packetfilter settings on ther router/server.

third point:
ftp server: check [5]

fourth point: i don't get
dreadbeast> I've also allowed all permissions to "everyone"
where, what do you mean? your local file system settings?

fifth point: why not using ssh/sftp[6] ?

sixth point: we might have to discuss in more detail some "security issues" here.

cheers


[1] http://dns2go.deerfield.com/
[2] http://www.technopagan.org/dynamic/
[3] http://www.no-ip.com/
[4] http://www.dyndns.org/
[5] e.g. http://www.zdnet.de/downloads/prg/7/...058374-wc.html
[6] http://www.openssh.com/

[dreadbeast]

By permissions to everyone I went into the default FTP folder (c:\inetpub\ftproot ) I right clicked on the folder and set the permissions so that the user "everyone" could have all forms of public access.

I'm still going through the links you sent me, as there is eons of useful information there (thanks). I'm seeing how important the DNS is, but I'm wondering if I give my dad the IP address I have right now, could he connect to my server right now, as long as I've set the port forwarding? If this is possible, would what he types into his browser address bar look like this: ftp://xxx.xxx.xxx.xxx:21. If not, what should the address look like?


I know I know, you're probably cringing at the thought of my insecurity....

[sec_ware]

Hi

Yes, your dad will be able to connect to your ftp-server using
ftp://xxx.xxx.xxx.xxx (no :21 needed). In case you disable anynomous
login: ftp://username@xxx.xxx.xxx.xxx.

For your needs it might be simpler to give him your IP. How often does it change?
Once per 48h? more often?

A good article about securing that win2k ftp server[1]. Check file permissions etc in detail please.
[1] http://www.windowsecurity.com/articl...TP_Server.html

[Winston]

The simplest option would be to use a dynamic DNS service. A small program is installed on the server that just updates the DNS when needed. Check out www.no-ip.com I didn't have much time to check it out but it seems cool. Watch out for spyware though.


EDIT: It's late, I'm tired, my link has already been given. Goodnight y'all. I'm outtahere.

[valhallen]

i use dyndns.org along with direct update as i have a dynamic ip addy and i run an ftp server. It works pretty well for me
never had an issue with it and is a synch to set up - you just leave it running and forget about it

v_Ln

[dreadbeast]

I had found a link to the direct update program, it looks good, and you can use it for free for as long as you want. I also found a DNS host as well for free. http://www.DYNDNS.COM It turned out to be much simpler than I had expected it to be.

Now I have some new problems.... since I'm using win 2k server I assume I'm using IIS 5.0. Ok with this there comes the security issue, which I haven't figured out yet, but we'll get to that at a much later date. I've been having my dad download bmp files from me, but they are slower than death. I've monitored my network communication with the network monitor while the bmps are being downloaded, and I'm not even comming close to using all of my bandwidth. When I go into the properties of my server I haven't set any throttle limit. So shouldn't it in therory, use as much bandwidth as possible? If you are to download something from my server this very second, it's transfer rate would be about 2k/s. I know that the upload of cable is slow, but it's not that slow. The computer is a fast new computer with 512 ram and 3200+ AMD chip, with some other goodies, so resource shouldn't be the case. I'm guessing there is something I need to configure, but I can't seem to find any information about it on the internet.

I've come a long way, thanks for the help.

[CXGJarrod]

You cable might offer a fast download, but a poor upload speed. You should check and see what they offer.