Redirect FTP Traffic to an Internal Server

This article explains how to redirect FTP traffic to a server on LAN. To redirect the FTP traffic to an internal server, it requires 1. Changing the router's FTP service port 2. Setting up NAT to forward traffic on port 21 to the internal server. Vigor Router supports FTP ALG (Application Layer Gateway), after open the FTP command port (TCP 21), the router will inspect the command packets to learn which port the FTP client will use for data transmitting, and then open the data port accordingly. However, the FTP ALG of Vigor Router only inspects the packets transferred on port 21, if the FTP server on LAN uses other command port, FTP ALG will not work, and transmitting data in passive mode may fail.

1. Go to System Maintenance >> Management >> Management Port Setup, change the FTP Port to any other not used port.

2, Go to NAT >> Open Ports, and edit a profile as follows: 

  • Enable Open Ports,
  • enter Comment (optional),
  • select the WAN Interface where FTP traffic will be on,
  • enter IP of FTP server in Private IP,
  • select "TCP" for Protocol,
  • enter 21 for both Start Port and End Port,
  • click OK to save the configuration.

1. Go to System Maintenance >> Access Control, at Management Port Setup, change the FTP Port to an used port.

a screenshot of Vigor3900

2. Go to NAT >> Port Redirection to add a profile as follows:

  • enter Profile name,
  • check Enable,
  • select "One to One" for Port Redirection Mode,
  • select the WAN Profile from where the Internet client are allowed to access the FTP server,
  • select "TCP" for Protocol,
  • enter "21" for both Public Port and Private Port,
  • enter the IP of FTP server  in Private IP,
  • click Apply to save the configuration.
a screenshot of Vigor3900

Published On: 2016-06-29 

Was this helpful?