How to Set Up FTP Access Through NAT for My Friend?

It sounds like you're making things more complicated than they need to be! If your router has a USB port, you can just plug in a USB router and set up port forwarding to allow outside access. For an FTP server, the setup should be pretty straightforward. You might also look into alternatives like using a NAS instead.

You’ve hit the classic FTP and NAT issue. FTP relies on two connections: the main control channel on TCP port 21 and a dynamically chosen port for data transfers. Since your server is behind NAT, it can’t tell your friend the correct data port to connect to. What you need to do is configure your FTP server to use Passive Mode with a fixed range of ports. Then, you’d have to expose that range through your Xray reverse proxy as well. Here are the steps:

1. Set your FTP server (like vsftpd) to use Passive Mode by enabling it and defining the port range in your configuration file.
2. Make sure to set it up so it doesn’t advertise your local LAN IP.
3. Add reverse proxy rules in Xray for each passive port.
4. Finally, adjust your firewall settings to allow that port range.

This will help you get the whole data transmission sorted out.

Honestly, FTP can be really tricky with NAT due to its random port usage. I'd recommend looking at a simpler and more secure option like SFTP. It uses a single TCP port, making it way easier to handle compared to FTP over NAT. Plus, it’s generally more secure for file transfers!