Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP - How do I forward a different external port?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tomv
      last edited by

      I found another thread that explained how to get incoming FTP to work and it works well.

      My external IP on port 21 forwards fine to my internal IP on port 21.

      I'd like to hide my FTP port and move it to another external port.. ie:210
      How can I either forward my:

      external IP port 210 to my internal IP port 210
      or
      external IP port 210 to my internal IP port 21

      I know how to change the port on proftpd.conf and I can connect to it locally using port 210, but external traffic cannot access it.

      It seems that the FTP helper only helps port 21 traffic.
      thanks.

      1 Reply Last reply Reply Quote 0
      • T
        trendchiller
        last edited by

        ???  ???  ???

        Ok, just slowly…

        Why the hell change the internal FTP port to 210 ??? forget this one...

        to NAT external Port 210 to internal Port 21 do the following:

        Firewall -> NAT -> add -> Int. WAN, ext. address: interface address, proto TCP, ext. range: other 210, NAT IP: <your ftp="" server="">, local port 21 (FTP), autopermit rule on...

        Have fun !

        Remember to check out active / passive mode with port 20 for DATA commands, etc...
        so for FTP, the ftp-helper is really better or do FTP via VPN, because if you permit FTP with rules it really weakens your Firewall...

        Or chose active mode TCP21 in and TCP20 out for Data...

        But then your client has to support active mode...

        Cruel FTP  :P</your>

        1 Reply Last reply Reply Quote 0
        • T
          tomv
          last edited by

          @trendchiller:

          ???  ???  ???

          Ok, just slowly…

          Why the hell change the internal FTP port to 210 ??? forget this one...

          I was just throwing it out there in case someone said forwarding a port to a different port would be a problem with FTP.

          I tried forwarding external 210 to internal 21 and that's where I started having trouble.

          @trendchiller:

          Remember to check out active / passive mode with port 20 for DATA commands, etc…
          so for FTP, the ftp-helper is really better or do FTP via VPN, because if you permit FTP with rules it really weakens your Firewall...

          Is this a setting in the firewall that I'm missing or is this within proftpd?
          I know FTP via VPN is more secure, but I'm trying to give just a few people READ access so a VPN is overkill and I want to move the FTP port so the script kiddies have a harder time finding my FTP server.
          The port I'll actually use will be a much higher number.

          thanks.

          1 Reply Last reply Reply Quote 0
          • T
            trendchiller
            last edited by

            The active / passive mode has to be set up in your ftp-server…

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.