Pulling my hair out with a port forward

I have successfully added several port forwards to point to various areas of my home server. But when I try to port forward to an FTP server, everything goes off the rails!

I have tried using different source port numbers and different destination port numbers without luck. All the while, when inside the network, I can access FTP directly on port 21.


I'm likely missing something truly simple here, but it appears I can't find it.

Any help would be greatly appreciated.

Active FTP is a PITA to put through firewalls.

Passive is a little better, but due to the random port number assigned, that makes creating rules also problematic.

This is an old but great website that explains it:

http://slacksite.com/other/ftp.html

Takeaways:

  1. You almost certainly want to use passive FTP
  2. In your FTP server you likely want to limit the range of random ports assigned for data transfer to a small-ish range (e.g. 10 ports)
  3. Configure that range of ports in your firewall rule, along with TCP port 21

HTH

2 Likes

Please make sure that kmod-ipt-raw is installed for conntrack helper support.