I've set up an FTP server behind a firewall with 1-1 NAT for public IP to internal access, but I'm running into problems. Our application uses FTP to download files in the background, and when external users connect, the FTP enters passive mode and reveals the internal IP address instead of the public IP. This causes the external network to fail to connect since they can't access the internal network. I've read that I should use the public IP for passive mode instead of the hostname, but the public IP won't work for internal network connections. What can I do to fix this issue without breaking internal connectivity?
4 Answers
Honestly, consider ditching FTP altogether. It's outdated and not secure. Instead, look into using SFTP or SCP as they offer better security and could solve your internal/external access issues.
If you must work with FTP, consider setting up an FTP server on an EC2 instance. It's a workaround, but it works if you have to support outdated systems. Just ensure your file transfers are secure and encrypted whenever possible.
You're really looking at a better solution than FTP for a modern setup. Consider cloud sync solutions or rclone, which work well for large files too.
Have you thought about using an FTP ALG in your NAT settings? That can help manage the connections better and might solve the IP resolution problem you're facing with passive mode.
What alternatives do you recommend that can handle large files? We're working with dependencies that are over 6GB.