If you are hosting a Filezilla FTP server behind a NAT firewall and/or Windows firewall you will know that connections are not allowed by default. For FTP access into your network, you must delegate access to the passive and or active FTP ports.
What is Filezilla
Filezilla provides FTP solutions:
FileZilla FTP client is a free free FTP client solution. The FileZilla Client not only supports FTP, but also FTP over TLS (FTPS) and SFTP. It is open source software distributed free of charge under the terms of the GNU General Public License.
FileZilla FTP Server is a free open source FTP and FTPS Server.
I have been using Filezilla client and server for the last fifteen years and can confess that it is an amazing product. It is free, fast and offer many configuration options. Once firewall ports have been configured, Filezilla runs without a hitch.
Passive and Active FTP ports
Filezilla FTP server just like any other FTP server can be configured to use active and or passive FTP connections.
In active mode, the client establishes a connection to the command channel but the server is responsible for establishing the data channel. Typically, TCP ports 20 and 21 are used.
In passive mode, the client establishes both channels.
However, it then requests the server (on the command channel) to start listening on a port (at the servers discretion) rather than trying to establish a connection back to the client.
Below is a quick step by step to configure active mode sessions.
Configuring A Router To Allow FTP Connections
If you are hosting an FTP server on your internal network, you will have to configure traffic destined for the FTP protocol to be forwarded via your router/firewall to the specific FTP server on your network.
The very first step to allow FTP connections to a FTP server located on a LAN network is to allow inbound FTP traffic to the correct IP address and ports.
Login to your Router/firewall and navigate to the port forward area. This option might be called NAT forwarding or pinhole configuration on some devices.
On my “EdgeRouter X” port forwarding is a straightforward affair. You specify the incoming port, destination IP address and destination port.
If you are hosting a Filezilla FTP server on your lan with a standard setup then enter a port forward entry for the FTP Control Port TCP port 21 together with the internal IP address of the FTP server and another port forward for the FTP Data Channel TCP port 20.
Now save the new port forward configuration and exit.
Configuring Windows Firewall To Allow FTP Connections
The next step is to allow FTP connections through the windows firewall. Open up the Windows advanced firewall by going to Windows Firewall option.
Click on the “Advanced settings” option.
Click on “Inbound Rules”
Click on “New Rule”
Click on ” Program” and browse to the Filezilla FTP server executable.
Click on “next” and “finish”
Next, we will add the FTP ports:
Click on “New Rule”
Select “Port”
Select “TCP”
Input ports 20, 21 for “Specific local ports”
Click “Next”
Confirm “Allow the connection” is selected, click “next”
The rule should apply for your specific network, if not sure select all three network places. Private, public and domain.
Give your new rule a name and optional description and click finish.
When the above has been applied correctly you should now be able to access your FTP server from the internet.