Time Capsule Does Not Port Forward FTP Ports

Hey there,

I recently purchased a Time Capsule, and I found out that while it fixes the NAT-PMP bug found in my previous AirPort Extreme Base Station (Gigabit-N), it introduces a new problem which makes it refuse to forward port 21 properly.

It seems to me that the Time Capsule has some sort of FTP server built in, and is either enabled but closes connection on client connection, or disabled but still listens for client connection.

This message is what I get when I connect to my IP via FTP from the WAN side (FTP port forwarded to a local machine with an IP 10.0.0.8):
421 Service not available, remote server has closed connection.

When it is accessed from the LAN of course, I can connect to 10.0.0.8 with no problem. However, what is interesting is if I connect to the Time Capsule via FTP I get this as well:
421 Service not available, remote server has closed connection.

Thus, I am 100% certain that the FTP message I see when I connect from WAN is from the Time Capsule instead of the machine I port forwarded to.

Apple needs to fix this annoying problem and at the same time fix some VPN issues I'm having with my Nortel VPN client (4.68). It was all working when I had the AirPort Extreme Base Station.

Mac OS X (10.5.2)

Posted on Mar 10, 2008 4:41 AM

21 replies

Mar 10, 2008 6:04 AM in response to Nikiski

It is possible that the TC is using the FTP protocol for file backup or remote access to files stored on it. If it does then you won't be able to forward the FTP ports as only one device can use the ports. It would make sense for Apple to use FTP for remote file access, and the only way they could fix it would be to have an option that stops the TC using FTP ports when remote file access is off.

I don't know your background, but I presume that the remote client is using passive mode (PASV) for FTP, as this is required to access an FTP service behind NAT. Also, I presume your internet connection is provided using a modem connection that gives a genuine internet IP address to your TC rather than a router that is performing NAT in front of your TC; this would require port forwarding and, depending on the FTP client, may not work at all if you have double NAT.

Mar 10, 2008 8:14 AM in response to ADSL Nation

Thanks for your reply. I do understand what you mean, but I doubt that FTP is actually used for Time Capsule's backup feature. However, there's no way to prove it at the moment, except that I see that the port connected to Time Capsule during backup isn't related to FTP.

I'm not working on a double NAT here, and the FTP client has worked before both with and without PASV mode, thus I'm pretty sure that's not the problem.

Mar 10, 2008 6:46 PM in response to Nikiski

I am having a problem establishing an FTP session that is started with my FTP client (CuteFTP) on my local network and attempting to connect to an FTP server with one of my hosting providers. My first few attempts used FTPS (Secure FTP), as that is what I typically use when transferring FTP packets over the net. Well, this didn't work, so I thought maybe the Time Capsule had a problem inspecting the encrypted packets, so I switched to standard clear-text FTP just to see if the Time Capsule handles FTP session management functions correctly. This didn't work either.

I'm using PASV FTP and have never had a problem before with my Cisco router or with another consumer-based NAT router. I don't believe that the server on the Internet gets the initial request on port 21, as I believe the Time Capsule is not allowing the packet to pass, and my FTP client spits back an error message: "Couldn't access FTP service" "Connection Failed". I have also used "Terminal" and initiated the ftp utility and attempted to connect to the same server, and receive the following error message: "421 Service not available, remote server has closed connection."

I have attempted to put my computer in the DMZ by using the Default Host feature on the Time Capsule, but that resulted in the same errors. I believe that I have tried most of the settings available on the Time Capsule to attempt to get this to work, but no luck yet. If the packet is getting through to the server and the response back on the current ephemeral port is not getting through the Time Capsule, I'm really hoping the solution is not having to port map all ephemeral ports, as this is in the tens of thousands.

Has anyone successfully established an FTP session (secure or not) from your local client through the Time Capsule to a server on the Internet? If so, could you help by providing any Time Capsule settings that were required for this to function properly? Thanks in advance.

Note: I have attempted to ftp to several different public ftp servers on the Internet and get the same error results. I have no problems ftping to local servers on my local network.

Mar 11, 2008 8:25 AM in response to Nikiski

I just purchased a 500 GB TC and have not set it up yet, but will see what's happening with FTP once I do. Try changing the port on your FTP server that accepts FTP requests. Most FTP clients will allow you to change this setting; you of course must change this setting on your FTP server as well. Then forward this port from your TC to the internal IP. It should work, as I have done this before in situations where there are multiple FTP servers behind the firewall or router. I will test once I set up my own TC.

Mar 11, 2008 8:52 AM in response to fb10

RESOLVED: I pulled out my packet sniffer to see what was going on and determined that the FTP session requests were getting to my FTP server on the Internet and it was ACKing appropriately to the correct ephemeral port, etc. I took a guess and fixed the problem. On my FTP server, I reply back with a rather lengthy "Connect Message" when the client first connects, for legal purposes. This connect message is sent back to the client along with the normal 220 status. Well, I shortened the "Connect Message" and all worked OK, even FTPS. I haven't determined the max length of the "Connect Message" that the Time Capsule will support at this time, but Apple should probably enter this as a minor bug and fix it in the next release by increasing this limit to spec.
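The last reply traces the failure to the length of the server's 220 connect message. As an added example (not part of the thread), this Python sketch parses a possibly multi-line FTP greeting and reports its line count and byte size, so a banner can be measured before and after it is shortened. The sample banner is constructed, and `parse_reply`, `greeting_report` and `fetch_greeting` are illustrative names.

```python
import socket

def parse_reply(buf: bytes):
    """Parse one RFC 959 reply from the start of buf. Returns (code, lines,
    bytes_used), or None while the reply is still incomplete."""
    lines, pos, code = [], 0, None
    while True:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            return None                     # greeting still arriving
        line = buf[pos:end].decode("latin-1")
        pos = end + 2
        if code is None:
            if len(line) < 3 or not line[:3].isdigit():
                raise ValueError(f"not an FTP reply: {line!r}")
            code = line[:3]
            lines.append(line[4:])
            if line[3:4] != "-":            # "220 text": single-line reply
                return int(code), lines, pos
        elif line.startswith(code + " "):   # "220 text" ends a multi-line reply
            lines.append(line[4:])
            return int(code), lines, pos
        else:
            lines.append(line)              # continuation line

def greeting_report(buf: bytes):
    """Summarise the first reply seen on a new control connection."""
    parsed = parse_reply(buf)
    if parsed is None:
        return {"complete": False, "bytes_seen": len(buf)}
    code, lines, used = parsed
    return {"complete": True, "code": code, "lines": len(lines), "bytes": used}

def fetch_greeting(host, port=21, timeout=10.0):
    """Read the greeting from a live server (needs network; not run here)."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while parse_reply(buf) is None:
            chunk = s.recv(4096)
            if not chunk:                   # peer closed before a full reply
                break
            buf += chunk
    return greeting_report(buf)

# Constructed sample banner, not captured traffic.
LONG_BANNER = (b"220-Welcome\r\n"
               + b"".join(b" Legal notice, line %d\r\n" % i for i in range(40))
               + b"220 Ready\r\n")
```

A `fetch_greeting` result of `complete: False` with `bytes_seen: 0` means the connection closed before any greeting arrived; BSD-derived command-line `ftp` clients print that condition as a 421 line of their own.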
