sportsphotog91

Q: How do I make my FTP accessible from outside the local network? (El Capitan)

I would like to make my FTP share folder accessible from outside of the local network. I have already verified local access to the FTP server but I have no idea where to start to make it reachable from outside the local network. In the "Reachability" test, it says "no services available." The only services I have enabled are "File Sharing" and "FTP."

 

Currently, I'm using the OS X Server app to allow for cameras connected via ethernet to send files directly to my computer. I have verified this works perfectly fine. Each camera has its own manual IP address (automatic is an option, but why not keep things more controlled) and the destination IP address is a custom IP address I gave my computer. I'm going to have to enter all the connection and login info on many cameras (via a scrolling wheel and no keypad), so I'm keeping everything as simple as possible and am avoiding using IP addresses that are scattered.

 

Now, I would like to add the ability to allow a computer/camera from outside of the local network connect with the FTP server.

 

I do own a domain name for a personal website. It would be cool if I can make my server reachable by typing "ftp.domainname.com," if that is possible, I think it should be. (Is it setting up a CNAME "ftp" to direct to outside IP address of the server?)

 

(I'm running on an early 2011 MacBook Pro, El Capitan 10.11.5 and Server OS X 5.1.5)

 

Thanks for any help!

MacBook Pro (15-inch Early 2011), OS X El Capitan (10.11.5), Server OS X 5.1.5

Posted on Jul 19, 2016 6:12 PM

Close

Q: How do I make my FTP accessible from outside the local network? (El Capitan)

  • All replies
  • Helpful answers

  • by Strontium90,

    Strontium90 Strontium90 Jul 20, 2016 4:36 AM in response to sportsphotog91
    Level 5 (4,067 points)
    Servers Enterprise
    Jul 20, 2016 4:36 AM in response to sportsphotog91

    There are a few things you need to do to make this work.

     

    First, determine if you have a fixed public IP address or a dynamic.  If fixed, it is easier.  If dynamic, look into a Dynamic DNS service to link a name to the ever changing IP.

     

    Let's assume you have a fixed IP address from your ISP.  For illustration, let's assume it is 17.18.19.20.  You stated you own a domain name.  Log into your domain registrar and edit DNS, pointing a name (maybe ftp.yourdomain.com) to the public IP address.  Now, you can use a name instead of a number to connect.  If you are doing this only for yourself, the DNS step is not really needed.  If you plan on provided FTP as a service to others, giving them a name is preferred to giving a number.  If you have no records pointing to your IP address, use an A record.  If you have a record pointing there already, create a CNAME record.

     

    Next, in order to allow traffic in, you need to modify your firewall to port forward port 21 to the LAN address of your server.  For example, your rule would allow all traffic on port 21 to come through the firewall to the LAN address of your FTP server.  What device are you using for the firewall?  The ISP's provided modem/router?  Your own firewall?  In either case, log in and log for a setup wizard.  Many have a tool to make the creation of port forwards easy.

     

    One final thought.  Please be aware that FTP is not a secure protocol.  All communication (including authentication) is sent in clear text.

     

    Reid

    Apple Consultants Network

    Author - "El Capitan Server – Foundation Services"

    Author - "El Capitan Server – Control & Collaboration"

    Author - "El Capitan Server – Advanced Services"

    :: Exclusively available in Apple's iBooks Store