User profile for user: RTC68
RTC68 Author
User level: Level 1
9 points

two ftp servers behind AirPort Extreme router

Hi there, I have two computers connected to the same Airpot Extreme router. I want to enable ftp for both computers. I am able to connect to one both inside my network and from outside. I can access the second server internally. However, I cant access the last one from outside of the network. Can some one please help?

This is how I have configure my router:

Server 1 Server 2

Public UDP Port: 21 Public UDP Port: 2121

Public TCP Port: 21 Public TCP Port: 21

Private IP Address: 10.0.0.2 Private IP Address: 10.0.0.3

Private UDP Port: 21 Private UDP Port: 21

Private TCP Port:21 Private TCP Port:21


Thanks for your help

MacBook Air (11-inch Mid 2011), iOS 9.0.2

Posted on Dec 5, 2017 11:56 AM

Reply
Question marked as Top-ranking reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,262 points

Posted on Dec 5, 2017 12:21 PM

You cannot port map the same port to two different IP addresses.


What you need to do is port translate.


So you have Server 1 with UDP port of 21 and TCP 21


Setup Server 2 with both UDP and TCP port of 2121 .. the port translation to 21 on the local lan side is fine.


If you made a typo and the TCP port is wrong in your post tell me.


Also you really should not expose FTP to the world.. it has zero security.. People use SFTP now.


You could also consider using one SFTP server and one FTP just for junk..


As a BTW.. I frankly am amazed you can get port mapping of FTP to work at all.. There is a general problem on Airport Routers with FTP.. which is another good reason for SFTP.

View in context
3 replies
Question marked as Top-ranking reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,262 points

Dec 5, 2017 12:21 PM in response to RTC68

You cannot port map the same port to two different IP addresses.


What you need to do is port translate.


So you have Server 1 with UDP port of 21 and TCP 21


Setup Server 2 with both UDP and TCP port of 2121 .. the port translation to 21 on the local lan side is fine.


If you made a typo and the TCP port is wrong in your post tell me.


Also you really should not expose FTP to the world.. it has zero security.. People use SFTP now.


You could also consider using one SFTP server and one FTP just for junk..


As a BTW.. I frankly am amazed you can get port mapping of FTP to work at all.. There is a general problem on Airport Routers with FTP.. which is another good reason for SFTP.

Reply
User profile for user: Drew Reece
Drew Reece
User level: Level 6
10,684 points

Dec 5, 2017 12:39 PM in response to RTC68

You can find info comparing ftp/sftp if you look around…

http://radinks.com/sftp/FAQ.php


I have to back up what LaPastenague said, ftp is terribly insecure & prone to receiving many attacks when exposed publicly, passwords can be vulnerable to dictionary based attacks. At the very least you need a good firewall to reduce the number of scripts that perform automated attacks & active monitoring of that.


SFTP can use ssh keys & be setup to ignore passwords. It's configured as part of the ssh server on OS X/ macOS.


The remote access toggle enables ssh & sftp, test locally with no ports open for it before you try external use.


P.S. I think Airport routers can also automatically announce your ssh connection externally - wide area bonjour. Meaning that port mapping is not required to get in from the outside world. LaPastenague will know more about that config than me 🙂.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

two ftp servers behind AirPort Extreme router

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up