Filezilla server for local network in Windows: step by step guide
Setting up an FTP server is a relatively easy way to share files in your local network. It is more difficult to set up an FTP server for remote transfers. This article focuses on local FTP transfers.
Download and install
Filezilla Server can be downloaded from here. For the most part, there isn’t anything to be gained by deviating from the default settings. The only major decision you need to make is whether you want Filezilla Server to be auto-started with Windows or not. Auto-start is the default, if you don’t want that, choose the Install as service, started manually option in the Startup settings.
For everything else, just accept the defaults.
Filezilla Server Administration Settings
Next step is to create an administration password. This password is for establishing a connection between the Filezilla administration interface and the Filezilla service. Please note that this connection is purely meant for administering the server. It has nothing to do with an actual FTP connection.
info: If you are wondering why such a password is needed, it is because the Filezilla service (which run in the background) and the Filezilla administration interface (GUI) are two separate software. You can control the Filezilla server remotely using the Filezilla administration interface. I will not be covering remote administration in this article. In our example both the service and the GUI will be running on the same machine.
Click install to install Filezilla Server.
Filezilla Server will display a sha256 fingerprint. This is useful if you plan to administer the server remotely. If your are planning to use this feature, make a note of the sha256 fingerprint or take a screenshot of it. It is not needed for our example.
Start Filezilla administration interface
Once the installation is complete, the administration interface should start automatically. It can also be started by clicking on the “Administer Filezilla Server” shortcut.
Click on “Connect to Server” and enter the password we created earlier to establish the connection.
When you are connecting to Filezilla server for the first time, it will show the following message.
Since we are running both the Filezilla service and the administration interface on the same computer we can just click yes.
The Administration interface will connect to the Filezilla service.
Creating a user account
Now we can get to the task of adding a user. Choose the configure option from the server menu or click Ctrl+F
Select “Users” in the configure window. Click “add” and then type in the username of the new user. For authentication you can choose between “Do not require authentication” (not recommended), “Require a password to login” or “Use system credentials to log in”.
Authentication with password is the most popular option. If you choose this option, you will need to set a password for the user by typing it in the textbox below the password dropdown.
Make a folder available via FTP
The next step is to add what Filezilla calls a mount point. The mount point is a mapping between the folder you want to make available via FTP and a “virtual folder” where the user can find the content of your “real folder” when they connect to the FTP server.
For security it is better to create a folder specifically for the files you want to share via FTP. Set this as your “Native Path” in the “Mount Points” list.
You can specify any virtual path but you must use Unix style path separators and it must start with a “/”. We are going to use just “/” as our virtual path.
Now we need to take a look at user permissions relating to the folder. By default, you get only the permissions to list directory contents and read files. This basically amounts to download only access with no uploads or server modifications supported. If you need more permissions, select the appropriate options in the Access mode dropdown.
Add an exception in Windows Firewall
Since an FTP server needs to accept incoming connections, we have to add an exception to our firewall. I will describe how to do this in Windows Firewall. If you are using a third-party firewall, please consult the firewall’s documentation.
In the Start Menu search for Windows Firewall and choose Windows Defender firewall with advanced security.
From the left pane choose inbound rules.
From the right pane choose New Rule.
This opens a wizard-style interface, use it to create an exception for Filezilla Server.
Create a static IP address
The next step is to create a static IP address. Without a static IP address, connecting to the server will be a hit or miss operation. Please read the article Setting up static IP address in Windows 10 to find out how.
Connect to the FTP server
Now that we have the FTP server up and running, we can connect to it from another computer. There are multiple ways of connecting to an FTP server, I will describe how to do it using Filezilla’s own client application.
Install and launch the Filezilla client. You can use the Quick Connect bar below the Toolbar to quickly establish a connection. However, for future convenience, it is probably better to add your server to the Site Manager of Filezilla client.
From the File Menu choose Site Manager.
Click on the New Site button and enter the details for the new site.
- In the Host field enter the static IP address which we created for the server.
- The default port is 21 unless you have changed it in the server.
- Enter the username and password which you set for the user in the server.
- Click OK.
Now you can connect using the Start Manager button on the toolbar.
Improving Security
Running an FTP server on your computer has implications for security. However, since we are accepting connections only from the local network, it can be done in a reasonably secure manner. It is possible to restrict connections to an IP range. This can be done in both your firewall and in Filezilla Server. Here is how to do it in Filezilla Server.
- Select the user account
- Click on the filters tab
- In the “disallowed IP ranges” section put an asterisk to block all IP addresses.
- Specify exclusions to the block list in the “Allowed IP ranges” section.
For exclusions, you can specify individual IP addresses and IP address ranges. I mentioned earlier that, for the server, you need to setup a static IP address. If you happened to have created one for the client as well (100% optional), enter it here.
Otherwise you have two options
-
Find the DHCP range of your router and specify that. The article that I linked to earlier shows and example. Here is the link to that section Setting up static IP address in Windows 10. This is the recommended method.
-
Find the current IP address of the client in Windows settings. Add a range that includes the current IP address and some adjacent IP addresses. For example, if your IP address is 192.168.1.102, you can use 192.168.1.100-192.168.1.105 as the range. You don’t have to be exact about this, just make sure that your current IP address is included. The purpose of adding a range instead of a single IP address is that, because of DHCP, the IP address of devices can change when you restart the router. If someday you find yourself unable to connect, you may have to come back to this setting.
IP address ranges can be specified in interval form or in CIDR notation. You can use this webpage to find CIDR notation given an IP address range.