I purchased a new Airport Extreme AC several weeks ago (mostly because I wanted it - and not because I needed it). It has been working great - setup was very quick - and it even copied all of my settings from the TC during the setup process. This is a significant plus - if you have a lot of DHCP reservations and other non-default settings. until I discovered a few days ago that external access to FTP was no longer working - or - at best intermittently working. I had previously been using a 3rd Generation Time Capsule - and FTP was working fine with the TC.
I actually put the TC back in place as the router - and FTP again worked fine by port forwarding Public TCP port 21 to private TCP port 21. External FTP via the Time Capsule works fine - whther or not you are sharing the attached drives (internal as well as USB extrnal drive). I aslo did the same thing with a 2nd Gen Airport Express - and external FTP worked fine. (The Airport Express does not support the connection of a USB drive). The TC, Airport Extreme AC, and Airport Express are all on the latest firnware - 7.6.4.
I tried the Airport Extreme AC - both with a USB drive attached (and with file sharing enabled) and with no USB drive attached (with file sharing disabled). The results were the same as intially - external FTP would at best be flaky - and would hang on every other external connection attempt. It seems that after a restart of the Airport Extreme AC - that external FTP would appear to be reliable for a handful of intial connect attempts - but would soon revert back to the intermittent hang upon external connect.
In all cases - with the Airport Extreme AC - internal FTP would be fine - not so much as even a hiccup.
Also - I should note the FTP server in question - is a D-LINK DNS323 NAS. I tried extenal FTP using 2 other FTP servers - and the results were the same. The problem is not the DNS323 and is definitely the Airport Extreme AC. I suspect that this is a bug - vs a non-supported feature - as it appears that external FTP is allowed on port 21 - and the AC is hiccupping on the port forward on a frequent basis. I think if it were a "limitation" of the AC - then external FTP would simply not function at all.
I have tried the various solutions suggested in this thread - to no avail. Putting the FTP server into the DMZ (default host) resulted in no change in the intermittent connects. Using FTP on an alternate port (port 1027) for both external and internal - resulted in service not available. Using external port 1027 and internal 21 - also results in service not available.
The one solution that works (although not optimal) is to run the FTP Server - (in this case the DNS323) on port 1027 internally - and port forward external TCP 21 to Internal TCP 1027. This allows an external user to type in: ftp myftpserver.mydomain.com - and connect via port 21. The downside of this is that it will not work internally - in that internally you cannot specify ftp myftpserver.mydomain.com - as it results in service unavailble - whereas with port TCP 21 forwarded to TCP 21 - you can use the external domain name - either internally or externally - and both resolve correcdtly. With the TCP 21 -> TCP 1027 - internally you must specify the port number on the ftp command line: ftp myftpserver.mydomain.com 1027 (in Mac - Unix and Linux) but for an internal Windows user - the windows ftp command line does not allow the port number to be specified on the command line - you must either use a script file with the ftp command - or the use must say "ftp" and then at the ftp prompt - type in "open myftpserver.mydomain.com 1027". This is rather painful - but it does get around the intermittent external ftp failure.
The last observation that I wanted to point out is that I have an iPhone Password app (called Keeper). I have used it for a long time - and I back it up by exporting my encrypted datafile to my ftp server. The app does not allow the port number to be specified - but it does allow me to specify active or passive ftp. When the Time Capsule is the router - and external port 21 is forwarded to internal port 21 - the Keeper app exports the file just fine - either using passive or active FTP. But ... with the Airport Extreme AC (even with external port 21 forwarded to internal port 1027) - the keeper app is unable to connect to the FTP server - and simply hangs. When it does not hang - it fails immediately. This is telling me that the Aiport Extreme AC (even with the non-standard port workaround) is not playing nice with all FTP clients.
I am not thrilled about how much time I have had to spend on this. I will contact apple - and most likely file a bug report - but I suspect I will be going back to a non-Airport router - because in the end - it may be the quickest solution.
Hopefully this post will help others. I am pretty confident that this is a "bug" - and not an intentional "We don't support external FTP on port 21" - (with or without an external drive attached to the Airport Extreme AC). I like the product otherwise.
~Scott