I modified /etc/config/firewall to forward FTP to a certain internal IP, as shown below, and ran /etc/init.d/firewall restart.
However, it doesn't work. "connection refused" occurs on the FTP client.
If there is anything else that needs to be configured, please let me know.

config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward ACCEPT

config zone
    option name wan
    list network 'wan'
    list network 'wan6'
    option input ACCEPT
    option output ACCEPT
    option forward ACCEPT
    option masq 1
    option mtu_fix 1

config redirect
    option src wan
    option src_port 21
    option dest lan
    option dest_ip 192.168.1.32
    option dest_port 21
    option target DNAT
    option proto tcp

Is there a lan zone defined?
Post the whole output of uci export firewall; cat /etc/firewall.user
Also, FTP uses multiple ports; you'll need to use 20 and 21, plus track the passive connections.
uci add firewall redirect
uci add_list firewall.@redirect[-1].proto='tcp'
uci set firewall.@redirect[-1].src_dport='20-21'
uci set firewall.@redirect[-1].dest_ip='10.0.2.5'
uci set firewall.@redirect[-1].dest_port='20-21'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].name='ftp'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].helper='ftp'
uci set firewall.@redirect[-1].reflection='0'
uci set firewall.@redirect[-1].target='DNAT'
uci commit firewall
service firewall restart

It seems that when I changed the router to OpenWrt, the configuration of the firewall on the PC was changed when it initially connected to OpenWrt.
I found that the packet reached the FTP server but was blocked by the firewall on the PC running the FTP server.
I unchecked it on the firewall, and then FTP works OK.
Thank you all for your responses.
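
An added example, not part of the thread and not OpenWrt tooling: a small lint for the points raised above (a redirect whose `dest` zone is not defined, `src_port` used where the reply uses `src_dport`, an FTP redirect without `helper ftp`, and a `wan` zone left on ACCEPT). The names `lint_firewall` and `sample_config` are hypothetical, and the sample input is abridged from the configuration in the first post.

```shell
# Added example: lint an OpenWrt firewall config read from stdin, one finding per line.
lint_firewall() {
    awk '
    function val(s) { gsub(/["\047]/, "", s); return s }   # strip UCI quoting
    function flush() {                                     # evaluate the section just read
        if (type == "zone") {
            zones[o["name"]] = 1
            # Stock OpenWrt sets wan input/forward to REJECT; ACCEPT exposes router and LAN.
            if (o["name"] == "wan" && (o["input"] == "ACCEPT" || o["forward"] == "ACCEPT"))
                print "WARN wan zone: input=" o["input"] " forward=" o["forward"]
        } else if (type == "redirect") {
            dest[++n] = o["dest"]
            # src_port matches the client source port; src_dport is the port being forwarded.
            if (("src_port" in o) && !("src_dport" in o))
                print "WARN redirect " n ": src_port set without src_dport"
            if (o["dest_port"] ~ /(^|-)21$/ && o["helper"] != "ftp")
                print "INFO redirect " n ": FTP control port without helper ftp"
        }
        split("", o)                                       # portable array reset
    }
    $1 == "config" { flush(); type = val($2); next }
    $1 == "option" || $1 == "list" { o[$2] = val($3) }
    END {
        flush()
        for (i = 1; i <= n; i++)
            if (dest[i] != "" && !(dest[i] in zones))
                print "ERROR redirect " i ": dest zone " dest[i] " is not defined"
    }'
}

# Sample input: abridged from the configuration in the first post.
sample_config() {
    cat <<'EOF'
config zone
    option name wan
    option input ACCEPT
    option forward ACCEPT
config redirect
    option src wan
    option src_port 21
    option dest lan
    option dest_ip 192.168.1.32
    option dest_port 21
EOF
}

sample_config | lint_firewall
```

On a router the same function can be fed with `uci export firewall | lint_firewall`, the command the reply asks for.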