Question Need help setting up an FTP server

[mac_angel]

Complete newbie, so please be patient.
Stuff I've done so far.
Installed all the ISS stuff that's needed for the FTP server.
Ran ISS Manager, right clicked on Sites, created FTP, FTP site name, path to the fold I want to share.
Selected the right IP address (changed my Windows settings to make that computer have that static IP address), port 21.
Start FTP automatically, no SSL
Authentication Basic, Authorization All Users (created 2 new local accounts for the people I want to share with), Permissions, Read.

BitDefender Total Security,
Added firewall rule for FTP, any protocol, any ports, any IP (at least to start off with).
I did the same with inetmgr.exe and intelsoftwareassetmanagerservice.exe (well, I remember doing it with the first one, but the second one is right next to it. I might have?)

Bell Modem,
port forwarding, both protocols, port 21 internal/external, the IP address of the server.

I have also signed up for no-ip. Went through the steps on there to name the FTP, and it picks up my external IP address.

However. When I try CanYouSeeMe to test, it gets my external IP address automatically, and I put in port 21. It comes up:
Error: I could not see your service on 142.189.230.156 on port (21)
Reason: Connection timed out

so I'm assuming I'm not even at the no-ip part yet.
Not sure how to proceed.

 

[ex_bubblehead]

Do you actually have the service running, and listening on port 21 at the time you tested? If not then there is nothing to see and the report is correct.

 

[USAFRet]

What will this server be used for, and hosted on what?

 

[ex_bubblehead]

And as an addendum, did you first test your FTP server on your internal network before trying to configure external access, which as an admitted novice you will likely screw up in some manner and leave your network vulnerable to outside attack.

 

[mac_angel]

Do you actually have the service running, and listening on port 21 at the time you tested? If not then there is nothing to see and the report is correct.

I believe so. As I mentioned, it's set to start with Windows startup.

 

[ex_bubblehead]

Believing so is nowhere near sufficient. Did you actually test it internally first?

 

[mac_angel]

What will this server be used for, and hosted on what?

Sharing files, large ones. For them to be able to download from, so read only access.
It's hosted on my personal server that I use mostly for Plex, but also have a bunch of other stuff on there.
Core i5 11,600K, 128GB RAM, HPE MR416i-p Gen10+ RAID card, six 20TB Seagate Skyhawk HDD in RAID 6 for the Plex media, and six 8TB Seagate (Constellation I think?) in RAID 5 for my personal stuff. It's a folder in that that I want to share.
10Gb backplane throughout the house, 3Gb Fiber Internet.

 

[mac_angel]

And as an addendum, did you first test your FTP server on your internal network before trying to configure external access, which as an admitted novice you will likely screw up in some manner and leave your network vulnerable to outside attack.

I'm not sure how. As I said, everything is new. I did try typing in the IP address of the server with :21 included. It said site cannot be reached.

 

[USAFRet]

Sharing files, large ones. For them to be able to download from, so read only access.
It's hosted on my personal server that I use mostly for Plex, but also have a bunch of other stuff on there.
Core i5 11,600K, 128GB RAM, HPE MR416i-p Gen10+ RAID card, six 20TB Seagate Skyhawk HDD in RAID 6 for the Plex media, and six 8TB Seagate (Constellation I think?) in RAID 5 for my personal stuff. It's a folder in that that I want to share.
10Gb backplane throughout the house, 3Gb Fiber Internet.

Hosted on a system in your house LAN, for outside access?

Unless you know what you're doing and this is absolutely locked down....this is a disaster waiting to happen.

 

[mac_angel]

Hosted on a system in your house LAN, for outside access?

Unless you know what you're doing and this is absolutely locked down....this is a disaster waiting to happen.

do you have another suggestion in how I can share a large folder with 5TB worth of files with two people that are not close by, and that they can access when they need?

 

[USAFRet]

do you have another suggestion in how I can share a large folder with 5TB worth of files with two people that are not close by, and that they can access when they need?

"not close by" = outside your LAN?

Some hosting service. OneDrive, GoogleDrive, something similar.
Let them worry about the security.

Anything publicly accessible gets access hits every single day. Your router does, and rightfully tosses those away.
With purposely opening a hole in your firewall, you are potentially giving access to the entire planet.

For the short time I had a space on my NAS open for access, it got access hits every day. Russia, China, Switzerland, Portugal, Ohio, etc, etc, etc.
Get your security even a little bit wrong, and poof...you're compromised. Along with all your other house systems.

And the FTP protocol is, by default, not secure.

 

[mac_angel]

"not close by" = outside your LAN?

Some hosting service. OneDrive, GoogleDrive, something similar.
Let them worry about the security.

Anything publicly accessible gets access hits every single day. Your router does, and rightfully tosses those away.
With purposely opening a hole in your firewall, you are potentially giving access to the entire planet.

For the short time I had a space on my NAS open for access, it got access hits every day. Russia, China, Switzerland, Portugal, Ohio, etc, etc, etc.
Get your security even a little bit wrong, and poof...you're compromised. Along with all your other house systems.

And the FTP protocol is, by default, not secure.

yes, outside the LAN, but also far as I'm not seeing them in person very often.
I'm not paying to host 5TB of data for someone to access once or twice
If it's an issue with security, I can have it turned off permanently, and when they want access, message me and put it up for a bit. I thought creating local accounts for them, with passwords, would help with the security. Have the FTP require the username and password.
If not FTP, what about SFTP?

 

[USAFRet]

yes, outside the LAN, but also far as I'm not seeing them in person very often.
I'm not paying to host 5TB of data for someone to access once or twice
If it's an issue with security, I can have it turned off permanently, and when they want access, message me and put it up for a bit. I thought creating local accounts for them, with passwords, would help with the security. Have the FTP require the username and password.
If not FTP, what about SFTP?

"to access once or twice"

Mail them a hard drive. The can copy it locally, and send it back.

 

[ex_bubblehead]

A few seconds is all the baddies need to do their "magic". Your router hides the continuous pounding at the door that goes on 24/7/365.

 

[bill001g]

The way you write your posts is very scary. It seems you have very little knowledge on how to set this up and are blindly trying stuff.

When you way you type in :21 where are you typing this from a ftp cmd line or from a web browsers. I would not use a web browser.

You always need to get this working on your local lan before you even think to start port forwarding. The hackers will take you machine over almost before you can get it set up. It has to be secure and set to go before you allow any port forwarding.

In any case you do not want to use FTP. All the traffic is send non encrypted. You need to at least use SFTP but it is harder to setup.

Likely the easier and more secure way to set this up is to put a VPN on your router. This will allow people to use the VPN encryption to access your local network and then you can pretty much use any file server you want even simple microsoft shares.

 

[cruisetung]

FTP is outdated and insecure. Use ZeroTier VPN and setup http(s) file browser for download/upload files instead

https://github.com/filebrowser/filebrowser

https://github.com/rejetto/hfs

No public IP, IIS and router port forwarding required.