The FTP has 3 types of ports you can control.
1) The port to accept new control connections on (Port=); it must be forwarded in the router.
2) The passive port(s) for incoming data connections (Ports=); these must be forwarded in the router.
3) The active port(s) to use for outgoing data connections (Out_Ports=). Outgoing connections are usually passed through by most NAT routers without any special configuration, but if they are blocked for some reason they must be allowed.
You, however, have no control over what the client port for the other half of each style (passive/active) will be because the client chooses that. Just use two firewall rules, one using the incoming port range(s), and the other the outgoing port range(s).
Most of the time you'll just need to write one rule to cover 5420-5450 incoming so they will be forwarded to the correct machine.
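
The two-rule layout described above, as an added example that is not part of the original post. It assumes a Linux router using iptables; the server address 192.0.2.10, the WAN interface eth0 and the outgoing range 5500-5530 are constructed sample values, and the function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for an FTP server behind NAT.
# All addresses, interface names and the outgoing range are constructed samples.

# valid_range LOW-HIGH: succeed only for a well-formed TCP port range.
valid_range() {
    case "$1" in
        *[!0-9-]*|-*|*-|*-*-*) return 1 ;;   # stray characters or extra hyphens
        *-*) ;;                              # exactly one hyphen: keep checking
        *) return 1 ;;                       # a single port is not a range
    esac
    lo=${1%-*}; hi=${1#*-}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# ftp_rules IN_RANGE OUT_RANGE SERVER_IP WAN_IF
#   IN_RANGE  covers the control port and the passive ports (Port=, Ports=)
#   OUT_RANGE covers the active-mode source ports (Out_Ports=)
ftp_rules() {
    in_range=$1 out_range=$2 server_ip=$3 wan_if=$4
    valid_range "$in_range" && valid_range "$out_range" || {
        echo "invalid port range" >&2; return 1; }
    dports="${in_range%-*}:${in_range#*-}"     # iptables writes LOW:HIGH
    sports="${out_range%-*}:${out_range#*-}"
    # Replies on connections that were already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Rule 1 (incoming): match the DESTINATION port and forward to the FTP machine.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $dports -j DNAT --to-destination $server_ip"
    echo "iptables -A FORWARD -i $wan_if -p tcp -d $server_ip --dport $dports -j ACCEPT"
    # Rule 2 (outgoing): match the SOURCE port; the client chooses the other end.
    echo "iptables -A FORWARD -o $wan_if -p tcp -s $server_ip --sport $sports -j ACCEPT"
}

# Sample run with the incoming range from the post and a constructed outgoing range.
ftp_rules 5420-5450 5500-5530 192.0.2.10 eth0
```

Keeping both ranges as narrow as the expected number of simultaneous transfers allows limits how many ports are exposed on the forwarded machine.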