Pulling my hair out with a port forward

I have successfully added several port forwards to point to various areas of my home server. But when I try to port forward to an FTP server, everything goes off the rails!

I have tried using different source port numbers and different destination port numbers without luck. All the while, when inside the network, I can access FTP directly on port 21.


I'm likely missing something truly simple here, but it appears I can't find it.

Any help would be greatly appreciated.

Active FTP is a PITA to put through firewalls.

Passive is a little better, but due to the random port number assigned, that makes creating rules also problematic.

This is an old but great website that explains it



  1. You almost certainly want to use passive FTP
  2. In your FTP server you likely want to limit the range of random ports assigned for data transfer to a small-ish range (e.g. 10 ports)
  3. Configure that range of ports in your firewall rule, along with TCP port 21
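
The three steps above as an added example (not part of the original thread): a script that prints a pinned passive range for the server and the matching router forwards, refusing ranges that are reversed, privileged or large. It assumes vsftpd as the FTP server and an OpenWrt router managed with uci; the addresses and the 50000-50009 range are constructed sample values.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): vsftpd is the FTP server,
# the router is OpenWrt managed with uci, and every address and port below is
# a constructed sample value.

# check_range LOW HIGH: accept only a small unprivileged range. The ceiling of
# 100 ports is an arbitrary choice for this example.
check_range() {
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] &&
        [ $(( $2 - $1 + 1 )) -le 100 ]
}

# vsftpd_conf LOW HIGH WAN_IP: vsftpd.conf lines that pin the passive data
# ports and advertise the public address in PASV replies.
vsftpd_conf() {
    check_range "$1" "$2" || return 1
    printf 'pasv_enable=YES\npasv_min_port=%s\npasv_max_port=%s\npasv_address=%s\n' \
        "$1" "$2" "$3"
}

# redirect_cmds NAME PORTS LAN_IP: uci commands for one WAN-to-LAN TCP forward.
# dest_port is left unset so the port numbers stay the same on both sides.
redirect_cmds() {
    cat <<EOF
uci add firewall redirect
uci set firewall.@redirect[-1].name='$1'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].proto='tcp'
uci set firewall.@redirect[-1].src_dport='$2'
uci set firewall.@redirect[-1].dest_ip='$3'
EOF
}

# router_cmds LOW HIGH LAN_IP: forward control port 21 plus the passive range.
router_cmds() {
    check_range "$1" "$2" || return 1
    redirect_cmds ftp-control 21 "$3"
    redirect_cmds ftp-passive "$1-$2" "$3"
    echo 'uci commit firewall'
    echo '/etc/init.d/firewall reload'
}

# Constructed sample: 10 passive ports, server 192.168.1.10, WAN 203.0.113.5.
vsftpd_conf 50000 50009 203.0.113.5
router_cmds 50000 50009 192.168.1.10
```

The printed `pasv_*` lines go into the server's vsftpd.conf and the `uci` lines are run on the router; the same LOW and HIGH values must be used for both so the firewall never exposes ports the server will not listen on.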



Please make sure that kmod-ipt-raw is installed for conntrack helper support.