NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Help with RAX20 and port forwarding FTP
I just got this router today and have it setup through a Xfinity Gateway in bridged mode. Previous to this on the Gateway, I was able to port forward my Raspberry PI FTP server (port 21) and access i...
There is only one port 21/TCP ... if the router is configured on ReadyShare to FTP, port 21/TCP is obviously already occupied. Disable the FTP service on the advanced ReadyShare settings.
I would expect that this does free up port 21/TCP on the WAN interface to become available for the port forwarding. Netgear has an old flaw on port 443 (the default https one) - even with the https remote access service and https ReadyShare disabled or relocated to an alternate port, the port 443/TCP isn't becoming available for port forwarding.
Something general ref. ftp: These routers (including your previous one) have an application layer gateway (ALG) listening on the standard ports, e.g. 21/TCP for FTP on the handshake communication for the passive connection, dynamically adding a port forward to that port. If using FTPS (encryption) the ALG can't work so you need to configure the passive port range configured on the ftp server in a port forward range.
I posted a reply but it didn't show up for some reason. I'll try again later because it was limiting my message replys for 60 minutes or something.
I had gotten a little ahead of myself thinking I fixed it but was able to sort the rest out and it works now. I do have limited networking knowledge and it just seemed a lot easier to setup with the Xfinity gateway. A lot of it was my fault as I had the port range setup from ’20/21’ instead of the ‘21/22’. (Port 21 still refuses to connect but SFTP Port 22 (FTP over SSH?) works just fine) That and I needed to setup a Static IP on my Raspberry PI. (I didn’t with the Xfinity Gateway and not exactly sure why it worked fine on that) Connecting locally to SFTP first worked and once I fixed the rest of my mistakes, I had no problem connecting remotely.
Yes, I did have to go in the Router settings / Advanced / Ready Share Storage, to disable the ‘FTP’ & ‘FTP (via internet) In order for it to work. I am still unsure of how to connect to port 21/FTP but that is fine as long as it just works with how it's setup now. I will have to read up on how to setup 443/TCP as I don't think I have ever used that before currently with my Raspberry PI. Once I get that figured out, I'll let you know If I'm able to get that working. I do appreciate the help though. It will be nice to know if I ever run into this again. Thanks
Only 21/TCP is required for the FTP control stream - 22/TCP can't be used over NAT for the FTP data stream because we have to use passive FTP. The FTP client is getting a so called passive data port assigned, the FTP ALG does take care of the port forwarding. This is absolutely normal on any NAT router.
Next, don't be confused:
- FTP is FTP, it's secured variant is FTPES (where the FTP client can request the FTP server to use TLS).
- SFTP is a complete different thing, this is a SSH File Transfer Protocol - handled ove the SSH port 22/TCP.
> [...] I had the port range setup from '20/21' instead of the `21/22'.
> (Port 21 still refuses to connect but SFTP Port 22 (FTP over SSH?) works
> just fine) [...]Conventional FTP uses ports 20 (data) and 21 (control). SSH
(including its SFTP subsystem) uses port 22. Two different protocols,
two different (sets of) ports. Passive mode FTP uses a port other than
20. for data.