mrmut

FileZilla port forwarding

I have problems with FileZilla forwarding thru ADSL NAT.

I have enabled passive mode (just a few users) with ports 65000-65005 (and 21, plain FTP), and also made portforwards for those ports.

However, the connection doesn't work that way? Did I forget any other ports?

When I put server in DMZ, all works fine.

Pls. help! :)
Dave Baldwin

Plain FTP server uses port 20 for data transfer in 'normal' mode.  Did you set up the server for passive mode connections thru those ports?

From https://en.wikipedia.org/wiki/File_Transfer_Protocol 
In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection from an arbitrary client port to the server IP address and server port number received.
mrmut

ASKER

I forwarded ports 21, and 65000-65005 - I thought Passive mode is on as soon as I enable that.

Port 20 should be for normal mode only? Or should I also port that through?
The client will request passive mode.  You have to tell the server what ports to use for passive mode so it knows what to tell the client to use.  Just opening them in the firewall isn't enough.  Port 20 is used in 'active mode', I don't know if it needs to be open for passive mode.
mrmut

ASKER

Heh. I tried defining Passive mode ports + port 21, but for some reason, I can't connect to the server. It works only if I put it in DMZ, and I checked both the firewall and server settings. It should work.

Any testing idea? I am kind of lost here.
No, I don't know.  Please click on "Request Attention" above to get some others to look at your question.
When you say filezilla - is it client or server?
☠ MASQ ☠

How have you configured the Server Options within FileZilla?

In Passive Mode you can still limit the port range used (otherwise any port over 1024 could be selected) and you need to define your external (IPv4) IP - or if your external IP varies (DynDNS) allow FileZilla's servers to retrieve it.

For testing Port 21 try https://ftptest.net/ - you should at least get a log file showing what doesn't work!
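
The two server-side settings discussed above (a limited passive port range and the correct external IPv4 address) both show up in the `227` reply the server sends to `PASV`, so a logged reply can be checked directly. This is an added example, not part of the original thread; the function names, the sample replies and the 203.0.113.5 address are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges plus loopback: unreachable for an outside client.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(reply):
    """Return (ip_string, port) advertised in a 227 PASV reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return ip, port


def check_pasv(reply, connected_to, forwarded_ports):
    """List the reasons an outside client could not open the data connection.

    connected_to    -- address the client used for the control connection
    forwarded_ports -- ports forwarded on the NAT router, e.g. range(65000, 65006)
    """
    ip, port = parse_pasv(reply)
    addr = ipaddress.ip_address(ip)
    problems = []
    if any(addr in net for net in UNROUTABLE):
        problems.append("advertised address %s is private/loopback" % ip)
    elif addr != ipaddress.ip_address(connected_to):
        problems.append("advertised address %s differs from %s" % (ip, connected_to))
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded" % port)
    return problems


# Constructed sample replies, as they would appear in a client or server log.
GOOD = "227 Entering Passive Mode (203,0,113,5,253,234)"
LAN_IP = "227 Entering Passive Mode (192,168,1,10,253,232)"
BAD_PORT = "227 Entering Passive Mode (203,0,113,5,195,80)"

if __name__ == "__main__":
    for r in (GOOD, LAN_IP, BAD_PORT):
        print(r, "->", check_pasv(r, "203.0.113.5", range(65000, 65006)) or "ok")
```
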
mrmut

ASKER

OK, so it is as follows:

FileZilla server

I have set up a user, shares, etc, with permissions, and all is ok in that area.

In settings I have it listening on port 21, bound on all interfaces (*)

In Passive Mode settings, I have set 65000-65005, and set the IPv4 IP setting to retrieve the external IP address from ip.filezilla-project.org

In security settings I have set "require matching peer IP address of control..."


With all that set behind ADSL, with forwarded ports 65000-65005 and 21, and without putting the server into DMZ, I can't get the data connection to pass through. The server connects, but it fails on enumerating dir, transferring etc.

And I have checked port forwards at least 50 times if I made a mistake anywhere.
Which router? - do you have hardware fire-walling?

Zilla recommend a larger port range so (at least for testing) could you up it to 65000-65050 (I know it shouldn't make a big difference but it's their product :))

Do you have a variable external IP?  If not try using the second option in the server config rather than relying on ip.filezilla

Are your users inside or outside the Server's LAN?  Where are you testing from?  Don't test from within the network unless you have no other option.
FTP is not file sharing. Which are you trying to make work?
And, is there perchance, a second router (i.e. Internet -> ADSL -> Dlink, Netgear, etc. -> server)?
Your setup will not allow ftp active mode, like windows ftp.exe
Can you share some server log of failing session?
mrmut

ASKER

It is very simple: the login process passes fine, but the thing halts up on listing directories.
The logs are the same way from both sides (client-server), they both handshake well, but fall down just before listing directory:

Status:      Connection established, waiting for welcome message...
Status:      Connected
Status:      Retrieving directory listing...


And if I put the server in DMZ, it works fine. The weirdest part is that I have checked and rechecked port forwards a gazillion times, and everything is OK. I even have loads of experience with that particular modem.
Can you see commands in filezilla server log?
Time out on listing means that the data connection was not established.
Again:
FTP is not file sharing. Which are you trying to make work?
And, is there perchance, a second router (i.e. Internet -> ADSL -> Dlink, Netgear, etc. -> server)?
What do you see with http://ip.filezilla-project.org/ip.php ??
If you're getting 127.0.0.1 you still don't have the external server setting correct for passive use.
ASKER CERTIFIED SOLUTION
John Gates, CISSP, CDPSE
This solution is only available to members.
ftp uses UDP... yayaya...
mrmut

ASKER

I am just testing, will open port from 20-22, and leave 65000-65005 (don't need more).

Re the 127.0.0.1 for IP address:

"The FileZilla IP page will return the correct IP only to FileZilla products. All other connectors, including browsers, see only 127.0.0.1. This is to prevent third-party abuse of that service."

Will report back, I need to test this thoroughly.
mrmut

ASKER

OK, so I tried the new settings, and it still didn't work. Then I called the telecom company and asked for a line checkup and testing. It turned out the line was problematic and needed repairs. Additionally, I asked for a modem/router replacement, and got a new one.

After forwarding ports anew, as per recommendations by John Gates, it works nicely now. :-)
(Tho I only left 6 ports open, as per my needs.)
Filezilla client allows 9 parallel transfers... as per my needs.
mrmut

ASKER

Agree, but I have a closed source client application that used only one + have it on several locations. That makes even 6 a crowd, but I wanted to be on the safe side.

Thanks for help!