Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
8.2.14. FTP
The FTP server, as used for FTP server data delivery and FTP server data collection, has
global settings.
FTP Server
TCP Port
The port number for the server.
0 will disable the FTP server completely.
[21]
Interface
“
LAN only
” – dial-in PPP connections are blocked
“
Modem only
” – Ethernet connections are blocked
“
LAN or Modem
” – either PPP or Ethernet can be used
[LAN or Modem]
Allow
You can enter a name, IP address, or wildcarded
IP address to
restrict access to the FTP server for clients on the LAN.
You can also enter a comma- or semicolon-separated list.
Any non-matching clients will have their connection
immediately closed.
(
Hint:
leave this blank until you have the system working, and
then
secure it with a value)
[blank]
TLS/SSL
“
No Encryption or explicit
” – uses plain FTP transfers
“
Require explicit (by command)
” – starts with a plain
connection and requires the client to negotiate SSL/TLS
before transferring data
“
Only Implicit (by port)
” – starts with SSL/TLS
Note: Even if set to “No Encryption” the client can still request
an explicit SSL/TLS connection.
[No encryption]
Passive Port Range
Lo
The lowest port number to use (use 1024-65534)
[50000]
Hi
The highest port number to use (use 1024-65534)
[50099]
When the FTP client request PASV (passive mode), the server will use one of the ports
within this range, Lo-to-Hi. You can easily setup an inbound firewall rule if needed
47
If you are using
collection
with the FTP Server, then do not use the “Modem Only” setting – this
will prevent your device from connecting to the ip.buffer.
48
e.g. “192.168.0.*, device.scannex.com, 192.168.*”. Wildcards are “*” for anything, and “?” for
any single character.
49
Using “Require explicit” SSL will still allow
collection
from non-SSL FTP devices.
50
When forcing “Implicit” SSL, all FTP connections must use SSL – including collecting FTP devices.
51
If the ip.buffer is behind a firewall, you will need to add “Services” to the firewall. The main
service will be the FTP service (or specific TCP port if you use something other than 21). In addition,
you should add the passive port range as services in the firewall. For all these services, tell the
firewall to send the TCP traffic to the internal IP address of the ip.buffer. (Individual firewall
configuration varies greatly.)
Page 50
Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
8.2.14. FTP
The FTP server, as used for FTP server data delivery and FTP server data collection, has
global settings.
FTP Server
TCP Port
The port number for the server.
0 will disable the FTP server completely.
[21]
Interface
“
LAN only
” – dial-in PPP connections are blocked
“
Modem only
” – Ethernet connections are blocked
“
LAN or Modem
” – either PPP or Ethernet can be used
[LAN or Modem]
Allow
You can enter a name, IP address, or wildcarded
IP address to
restrict access to the FTP server for clients on the LAN.
You can also enter a comma- or semicolon-separated list.
Any non-matching clients will have their connection
immediately closed.
(
Hint:
leave this blank until you have the system working, and
then
secure it with a value)
[blank]
TLS/SSL
“
No Encryption or explicit
” – uses plain FTP transfers
“
Require explicit (by command)
” – starts with a plain
connection and requires the client to negotiate SSL/TLS
before transferring data
“
Only Implicit (by port)
” – starts with SSL/TLS
Note: Even if set to “No Encryption” the client can still request
an explicit SSL/TLS connection.
[No encryption]
Passive Port Range
Lo
The lowest port number to use (use 1024-65534)
[50000]
Hi
The highest port number to use (use 1024-65534)
[50099]
When the FTP client request PASV (passive mode), the server will use one of the ports
within this range, Lo-to-Hi. You can easily setup an inbound firewall rule if needed
47
If you are using
collection
with the FTP Server, then do not use the “Modem Only” setting – this
will prevent your device from connecting to the ip.buffer.
48
e.g. “192.168.0.*, device.scannex.com, 192.168.*”. Wildcards are “*” for anything, and “?” for
any single character.
49
Using “Require explicit” SSL will still allow
collection
from non-SSL FTP devices.
50
When forcing “Implicit” SSL, all FTP connections must use SSL – including collecting FTP devices.
51
If the ip.buffer is behind a firewall, you will need to add “Services” to the firewall. The main
service will be the FTP service (or specific TCP port if you use something other than 21). In addition,
you should add the passive port range as services in the firewall. For all these services, tell the
firewall to send the TCP traffic to the internal IP address of the ip.buffer. (Individual firewall
configuration varies greatly.)
Page 50
