FTP not working over WAN, Server 2016

ToMEDGEl

New Member
Hello All, I am hoping that someone can assist. I have searched the forums and have not been able to find a solution. I have a Windows 2016 running an FTP server. I can access locally to the direct server IP with no issues. I have my firewall set to port forward traffic from my public IP to the server, and it works with no issues. Running Wireshark on the server, I can see the external IP sending to port 21. However, on my external traffic I get a SYN, and then no SYN/ACK or any other traffic. The SYN shows, then I get 2 TCP transmission reused, and no other traffic. However, when looking at the Windows firewall log, it shows that it is dropping packets from my external IP. The issue I have here is I have a Windows firewall allow rule for both inbound and outbound FTP traffic, and it still drops the packets. I have disabled the Windows firewall to test, with no change. I have been running in circles and cannot come up with any solutions. Anyone have ideas? Thank you for the help in advance.
 

Neemobeer

Cloud Security Engineer
Staff member
Sounds like you're trying to use FTP in active mode, which doesn't really work through NAT. You'll either want to set up SFTP (much more secure too), which uses a single port (typically 22) to handle the connection and data transfer, or switch to passive mode FTP, which was designed to traverse NAT.
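
Added example, not part of the original post: in both FTP modes the data endpoint travels inside the control-channel payload (`PORT h1,h2,h3,h4,p1,p2` in active mode, the `227` reply in passive mode), so a NAT that only rewrites IP headers leaves a private address in it. The sketch below parses such a line from a capture and flags an endpoint the peer cannot reach; the sample lines, addresses and forwarded port range are constructed.

```python
import ipaddress
import re

# Six comma-separated decimal bytes h1,h2,h3,h4,p1,p2 as defined in RFC 959.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (ip, port) from a 'PORT ...' command or a '227 ... (...)' reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def check_data_endpoint(line, control_ip, forwarded=None):
    """List problems with the data endpoint advertised in `line`.

    control_ip: address the sender of `line` is known by on the control
                connection (the public IP the client dialed, for a 227 reply).
    forwarded:  optional (low, high) passive port range forwarded at the edge.
    """
    ip, port = parse_hostport(line)
    control = ipaddress.IPv4Address(control_ip)
    problems = []
    private = any(ip in net for net in _RFC1918)
    if private and not any(control in net for net in _RFC1918):
        problems.append("private address %s advertised across NAT" % ip)
    elif ip != control:
        problems.append("advertised %s differs from control address %s" % (ip, control))
    if forwarded and not forwarded[0] <= port <= forwarded[1]:
        problems.append("data port %d outside forwarded range %d-%d"
                        % (port, forwarded[0], forwarded[1]))
    return problems

# Constructed samples using documentation addresses (RFC 5737).
SAMPLES = [
    ("227 Entering Passive Mode (192,168,1,10,195,80)", "203.0.113.5"),
    ("227 Entering Passive Mode (203,0,113,5,195,80)", "203.0.113.5"),
    ("PORT 10,0,0,23,200,13", "198.51.100.7"),
]

if __name__ == "__main__":
    for line, ctl in SAMPLES:
        print(line, "->", check_data_endpoint(line, ctl, (50000, 50100)) or "ok")
```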
 

ToMEDGEl

New Member
> Sounds like you're trying to use FTP in active mode, which doesn't really work through NAT. You'll either want to set up SFTP (much more secure too), which uses a single port (typically 22) to handle the connection and data transfer, or switch to passive mode FTP, which was designed to traverse NAT.

Hello Neemobeer, Thanks for the response. I am using the FTP server for security camera backups. The cameras are set in PASV; I changed from Auto prior with no change. Can I set up a device for SFTP, or does the device need to support that protocol? I don't think I mentioned in my prior post, I also have it set up on my LAN, and using my local IP on the LAN those devices work with no issues. I had suspected an issue with the device, but after working with the manufacturer to a test FTP they host, it worked with no issues. So, I originally thought it could be my edge firewall, but it is allowing the traffic to pass, with no drops. That is when I started looking at the Windows firewall, and found the odd instance that the Windows firewall was dropping the packets.
 