I have successfully added several port forwards to point to various areas of my home server. But when I try to port forward to an FTP server, everything goes off the rails!
I have tried using different source port numbers and different destination port numbers without luck. All the while, when inside the network, I can access FTP directly on port 21.
I'm likely missing something truly simple here, but it appears I can't find it.
Any help would be greatly appreciated.
Active FTP is a PITA to put through firewalls.
Passive is a little better, but due to the random port number assigned, that makes creating rules also problematic.
This is an old but great website that explains it.
- You almost certainly want to use passive ftp
- In your ftp server you likely want to limit the range of random ports assigned for data transfer to a small-ish range (e.g. 10 ports)
- Configure that range of ports in your firewall rule, along with tcp port 21
Please make sure that kmod-ipt-raw is installed for conntrack helper support.