Académique Documents
Professionnel Documents
Culture Documents
Overview
The Synology NAS can act as an FTP (file transfer protocol) server, allowing users to access shared folders and files over the
Internet. FTP settings allow you to share specific folders on your Synology NAS with certain users or allow anonymous access.
In addition, you can control advanced settings, such as encryption service, transfer log, and transfer speed limits.
This article guides you through the basics of sharing files stored on your Synology NAS via FTP and its encrypted variants.
Contents
This article assumes that you have already done the following:
Configured your Synology NAS to be accessible over the Internet (see this tutorial).
For information about basic hardware and software setup, please refer to the Quick Installation Guide for your Synology
product. You can also see Synology NAS User's Guide for additional information related to this article. Both documents are
Return to top
First, before transferring any data with FTP, you will need to enable FTP services on your Synology NAS. The section below
explains how to configure basic FTP services, as well as allow registered or anonymous users to access specific shared folders
via FTP.
Return to top
This section explains how to enable FTP services on your Synology NAS. Before starting, please ensure the following TCP
ports of your router are being forwarded to the Synology NAS: 21 (default control connection), 20 (data connection for active
mode) and 1025-65535 (data connection for passive mode). Port forwarding settings can be found at Control
a. Enable FTP service (No encryption) : FTP is the standard network protocol used to transfer files, without
encryption mechanisms to protect information (e.g. usernames, passwords, and files) during transfer sessions.
However, FTP provides faster transfer speeds and requires less system resource.
b. Enable FTP SSL/TLS encryption service (FTPS) : FTPS is an extension to FTP, with additional support for
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols that protect information
(e.g. usernames, passwords, and files) during transfer sessions. However, FTPS provides slower transfer speeds
c. Enable SFTP service : SFTP is a file transfer protocol extension to the Secure Shell (SSH) protocol. SFTP only
requires one TCP port number, and can authenticate users without passwords via private and public keys.
However, SFTP provides slower transfer speeds and consumes more CPU resource due to encryption.
from 1025 to 65535 and contain up to 128 ports; however, the default range varies with Synology
NAS models.
The port number for FTP can be set from 1 to 65535, excluding reserved port numbers for other
services or packages, for example 20, 22, 23, 25, 80, 110, 137, 138, 139, 143, 199, 443, 445,
515, 543, 548, 587, 873, 993, 995, 3306, 3689, 5000, 5001, 5005, 5006, 5335, 5432, 8080, 8081,
9997, 9998, 9999, 50001, 50002, and eMule default ports: 4662 (TCP), 4672 (UDP).
The "guest" account cannot log in to the server via FTP. To allow anonymous users to access
shared folders via FTP, please see Section 2.4 Allow Anonymous Users to Access Shared
We recommend using UTF-8 encoding for FTP services. The codepage settings on the FTP client
must be the same as that of the Synology NAS in order to access the data correctly.
Return to top
On the Advanced Settings page, you can manage file transfer logs, enable anonymous users to access shared folders, or
change users' root home for FTP transfer. To access these settings, go to Control Panel > File Services > FTP and
If one of the users on your Synology NAS cannot access a certain shared folder via FTP, make sure the user has the proper
read/write permissions for that shared folder. To edit a user's read/write permissions, please follow the instructions below.
3. Select the user whose permissions you wish to change and click Edit .
4. Go to the Permissions tab.
5. Assign the user's read/write permissions for shared folders by checking the appropriate boxes.
7. Make sure the user has been granted FTP service privileges.
9. Now users will be able to access the specified shared folder via FTP with his Synology NAS user name and password.
Return to top
You may change the settings of a shared folder to allow anonymous FTP access, allowing users to access specified shared
folders without the need to enter a user name and password. To do so, please follow the instructions below:
1. Log in to DSM using an account belonging to the administrators group.
3. Select the shared folder you wish to make available to anonymous users and click Edit .
6. Assign read/write permissions for the Anonymous FTP/WebDAV user by checking the appropriate boxes.
11. Now users will be able to access the specified shared folder via FTP without entering a user name and password.
Return to top
2.5 Allow Users to Access Shared Folders via SFTP
SFTP offers secure file transfer to DSM users without the need of passwords, and reduces the leakage risk of user credentials.
For steps 3 to 7, you need to select Enable SSH service (at Control Panel > Terminal & SNMP > Terminal ) first to
1. Go to Control Panel > File Services > FTP , and select Enable SFTP service .
2. Go to Control Panel > User > Advanced > User Home , and select Enable user home service
3. Generate the private and public keys via PuTTYgen or command lines:
PuTTYgen: Copy and save the text displayed in the enclosed window as a .txt file, and name it as id_rsa.pub .
Command lines: Use software (e.g. PuTTY) to connect to DSM via SSH. On the console execute the
the private key id_rsa will be generated in the specified user's home folder. When migrating the private key to
another device, make sure to use encrypted transfer via HTTPS, FTPS, or SFTP to prevent key leakage.
4. Create a ".ssh" folder in File Station, and upload the public key id_rsa.pub to the created folder
(Path: home/.ssh/id_rsa.pub).
5. Append the public key content to the existing authorized_keys file by executing the enclosed commands below.
6. Add the private key (i.e. id_rsa) to the FTP client. If you use FileZilla FTP Client, refer to this article or other
7. Execute the enclosed commands below to ensure the permissions of the user home folder, ".ssh", and "authorized_keys"
are 711.
8. The specified DSM user can now connect to the Synology NAS via SFTP without entering the password.
Return to top
This section walks you through the steps of accessing files via FTP with a web browser.
2. In the address bar, enter “ftp://” followed by your Synology NAS device's IP address or DDNS hostname. For example,
“ftp://66.94.234.215” or “ftp://yourhostname.synology.me.”
3. Depending on your settings, you will be asked to log in. Enter your Synology NAS user name and password. The user
account you enter must have access privileges for the shared folder that you wish to access.
4. If login is successful, you should see an index of shared folders on your Synology NAS.
Return to top
This section walks you through the steps of accessing files via FTP with a FTP client.
2. Enter your Synology NAS device's IP address or DDNS hostname in the Host field.
3. Enter your Synology NAS user name and password in the appropriate fields. The user account you enter must have
4. Enter the port number your Synology NAS uses for FTP services (the default port number is 21).
6. If login is successful, you should see the shared folders on your Synology NAS.