How to Publish an FTP Server


An FTP server may be published as a NetFoundry AppWAN with careful configuration of the server and matching Services. This recipe will detail using the Endpoint-hosting strategy where the FTP server and Endpoint software are running on the same device. It is assumed that you have a blanket Edge Router policy. 

Configure the FTP Server

It is assumed the FTP server controller port will be standard 21/tcp and has a real IPv4 address of You will need to configure the data connection mode=passive and passive mode port.

  1. Ensure that data connection "passive" mode is enabled, and "active" mode is disabled. Your FTP client will connect to the passive mode port provided by the FTP server. 
  2. Specify a port for the data connection e.g. 54321/tcp. Choose any available TCP port that is available on the device where the FTP server is running.
  3. Specify internal IP ""  for the passive mode data connection. This IP will be communicated to the FTP client when it connects to the FTP controller port of the server and initiates any file transfer. This must exactly match the client intercept address you will configure for the Services.
  4. Verify you are able to log in by running an FTP client on the same device as the FTP server and connecting to localhost. Verify you are able to obtain a directory listing in the FTP client for the FTP server.

Configure the AppWAN

You will need a pair of NetFoundry Services to describe the FTP server's controller (21/tcp) and data connection (54321/tcp) ports.

  1. Create an Endpoint for hosting the FTP Services named like "FTP Server Endpoint". Ensure this Endpoint is covered by a blanket Edge Router Policy and role attribute #ftpclients.
  2. Create an AppWAN named "FTP Server AppWAN" with Endpoint attribute #ftpclients and Service attribute #ftpservers.
  3. Create a Service for the FTP server's controller port named like "FTP Server Controller".
    1. For client intercept address use fictitious hostname "". Let the intercept port be 21/tcp.
    2. The server hostname is "localhost" and server port is 21/tcp because the Endpoint software is running on the same device as the FTP server.
    3. Assign role attribute #ftpservers
  4. Create a Service for the FTP server's data connection port named like "FTP Server Data".  
    1. Client intercept address is identical to the Controller Service "". Intercept port is 54321/tcp.
    2. The server hostname is again "localhost" and server port is 54321/tcp.
    3. Assign role attribute #ftpservers

If you wish to publish the FTP server by hostname instead of IP you may substitute "ftp.netfoundry" for the passive mode internal IP/hostname configuration option and client intercept hostname of both NetFoundry Services. This prevents non-NetFoundry clients from connecting to the server's data connection port, however. For this reason we'll use the real IPv4 address of the FTP server for the client address instead of a fictitious IP or hostname in this recipe.


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.