The client first opens the command channel to the FTP server on port 21. To do this, the client opens two random, unprivileged ports locally (typically ports greater than 1023). We'll call the first port P and the second port P+1. The client connects from port P to server port 21 and sends a PASV command. The server then opens another unprivileged port Q (any port greater than 1023) and sends the port information back in its reply to the PASV command. The client then initiates a connection from port P+1 to port Q on the server to start the data transfer.
Client side: Data and other communications from the client must be able to reach the FTP server, so make sure outgoing data and other communications from the client to the FTP server are allowed.
Server side: Port 21 should be open, as that is the port that receives the PASV command for initiating the connection. The port used by the server to respond to the client can be anything between ports 22 and 1022. Because the FTP server specifies a random port (anything greater than 1023), those ports should be open for communication.
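The PASV exchange and the server-side firewall requirement above can be checked together. The following is an added example, not code from the original article: it parses the server's reply to PASV (the RFC 959 form "227 ... (h1,h2,h3,h4,p1,p2)", where Q = p1*256 + p2) and reports whether port Q falls inside the range opened on the firewall. The function names, the 50000-50100 range and the sample replies are assumptions constructed for illustration, and the check on the advertised host goes slightly beyond what the text describes.

```python
import re

# RFC 959 reply to PASV: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv_reply(line):
    """Return (host, port Q) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # Q = p1*256 + p2
    return host, port

def check_data_port(line, control_peer, allowed_range):
    """Return (Q, findings) for one PASV reply seen on the command channel."""
    host, port = parse_pasv_reply(line)
    low, high = allowed_range
    findings = []
    if port <= 1023:
        findings.append("port %d is privileged, expected > 1023" % port)
    if not low <= port <= high:
        findings.append("port %d outside firewall range %d-%d" % (port, low, high))
    if host != control_peer:
        # Common when the server sits behind NAT and advertises its internal IP.
        findings.append("advertised host %s differs from control peer %s"
                        % (host, control_peer))
    return port, findings

if __name__ == "__main__":
    # Constructed sample replies; 192.0.2.10 is a documentation address.
    allowed = (50000, 50100)    # assumed range opened on the server firewall
    samples = [
        "227 Entering Passive Mode (192,0,2,10,195,100)",   # Q = 50020
        "227 Entering Passive Mode (192,0,2,10,4,210)",     # Q = 1234
        "227 Entering Passive Mode (10,0,0,5,195,80)",      # Q = 50000
    ]
    for reply in samples:
        port, findings = check_data_port(reply, "192.0.2.10", allowed)
        print(port, findings or "ok")
```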
ICACLS "%SystemDrive%\ftp\ftproot" /Grant IUSR:R /T
"%SystemDrive%\ftp\ftproot" (or the path to the root folder) should be set as the path for your FTP site. Even the software firewall (Windows firewall, Symantec, etc.) should allow connections to the FTP server.
In this example, we will use Windows Server 2008 R2 to configure FTP.
If IIS is not installed,
To transfer files, you should add an FTP site. Once the FTP site is enabled, clients can transfer to and from the site using the FTP protocol.
%SystemDrive%\ftp\ftproot
Note: Basic authentication uses no encryption, so the username and password are sent in clear text. Basic authentication checks the username and password against the Active Directory database. You can also create accounts in IIS. This can be done under Management Tools in the Web Server (IIS) role. Under Authorization, you can select All Users to allow FTP access to all users from the domain. Also, check both Read and Write under Permissions, based on your requirements.
To access files on the FTP server, open a file explorer and type ftp://serverIP. The FTP server asks for a username and password. Enter the username and password (Windows or Active Directory credentials) and click Logon. The files and folders display under the FTP server.