Slow SFTP transfer speeds from LAN to WAN and vice-versa

Hello there!

I've got a TP-Link Archer C7 v2 running smoothly under OpenWrt for a long time now. I was in a double NAT setup with my ISP router in front before, but since I've moved to a new place a little while ago, I configured my Archer to be the only router on my network (although same ISP as before).

I've a file server on my network with an OpenSSH server running on it so that I can access my files from the WAN securely (only key-based auth is permitted).

I've a NAT rule configured in OpenWrt so that the traffic coming from the WAN on port 1337 (I don't use 22 because of automated scanners which spam my logs) is redirected to my file server on port 22.

And my problem is simple: the SFTP transfer speed (which uses SSH) from LAN to WAN and WAN to LAN is terrible, in the range of 270 kbps where I get ~82 MBps from LAN to LAN, so the problem doesn't come from my OpenSSH server. I have a symmetrical 300 Mbps fiber connection with my ISP and I get pretty much 300 Mbps when doing an HTTP transfer on port 443 from LAN to WAN and WAN to LAN.

I've tried to change the port forward from 1337 to 22, so no port translation, to see if it would make a difference, but it didn't. I also tried 8080 (can't try 80 and 443 yet as I've important services listening on them) because I thought maybe my ISP was throttling speed on non-"standard" ports but the result was the same, and my ISP has a reputation of not interfering in that sort of way.

So, if you have any idea of what settings could cause my LAN to WAN SFTP speed to be so low I would very much appreciate the help!

I will update this post once I've had more time to test on port 80 and 443.

Thanks a lot for taking the time to read!

As far as I can remember using FileZilla SFTP server:
I had to forward a port range for transfer. Every secure transfer opens its unique port for traffic. I forwarded ~5 port range configured on my server. Port 22 is used only for negotiation (someone fix me if I'm wrong). What SSH service is deployed on your server?

I had to forward a port range for transfer. Every secure transfer opens its unique port for traffic. I forwarded ~5 port range configured on my server.

Maybe for Filezilla server but I'm 99% sure that's not the case for OpenSSH's sshd, which is what I'm using on my server running FreeNAS (so FreeBSD under the hood).

Also the transfer speeds were normal when I was in a double NAT setup with pretty much the same firewall rules before moving into my new apartment.

Thanks for taking the time to answer!

EDIT: Now that I think about it, I think you're confusing SFTP and FTP, which aren't the same protocols. FTP does use two ports, 21 for command and 20 for data. And as far as I know FileZilla also can't act as an SFTP server.

If you're on the same network why aren't you using NFS?

I don't really need SFTP on my LAN, I've Syncthing set up to synchronize all my data between my file server, my desktop, my laptop and my phone.

I also have NFS set up so that my compute server can access my file server. I just wanted to be brief in my explanations, I only use SFTP on my LAN for testing purposes.

But I've friends that want to access the files on the server from their home and the most secure way to do that without a VPN is with SFTP.

EDIT: I've edited my first post to reflect this explanation.