FTP - How do I forward a different external port?



  • I found another thread that explained how to get incoming FTP to work and it works well.

    My external IP on port 21 forwards fine to my internal IP on port 21.

    I'd like to hide my FTP port and move it to another external port.. ie:210
    How can I either forward my:

    external IP port 210 to my internal IP port 210
    or
    external IP port 210 to my internal IP port 21

    I know how to change the port on proftpd.conf and I can connect to it locally using port 210, but external traffic cannot access it.

    It seems that the FTP helper only helps port 21 traffic.
    thanks.



  • ???  ???  ???

    Ok, just slowly…

    Why the hell change the internal FTP port to 210 ??? forget this one...

    to NAT external Port 210 to internal Port 21 do the following:

    Firewall -> NAT -> add -> Int. WAN, ext. address: interface address, proto TCP, ext. range: other 210, NAT IP: <your ftp="" server="">, local port 21 (FTP), autopermit rule on...

    Have fun !

    Remember to check out active / passive mode with port 20 for DATA commands, etc...
    so for FTP, the ftp-helper is really better or do FTP via VPN, because if you permit FTP with rules it really weakens your Firewall...

    Or chose active mode TCP21 in and TCP20 out for Data...

    But then your client has to support active mode...

    Cruel FTP  :P</your>



  • @trendchiller:

    ???  ???  ???

    Ok, just slowly…

    Why the hell change the internal FTP port to 210 ??? forget this one...

    I was just throwing it out there in case someone said forwarding a port to a different port would be a problem with FTP.

    I tried forwarding external 210 to internal 21 and that's where I started having trouble.

    @trendchiller:

    Remember to check out active / passive mode with port 20 for DATA commands, etc…
    so for FTP, the ftp-helper is really better or do FTP via VPN, because if you permit FTP with rules it really weakens your Firewall...

    Is this a setting in the firewall that I'm missing or is this within proftpd?
    I know FTP via VPN is more secure, but I'm trying to give just a few people READ access so a VPN is overkill and I want to move the FTP port so the script kiddies have a harder time finding my FTP server.
    The port I'll actually use will be a much higher number.

    thanks.



  • The active / passive mode has to be set up in your ftp-server…


Log in to reply