Enter search queries below or use the tag links to the right to browse the knowledge base by category (Show All Tags).
Using Robo-FTP behind a NAT router firewall
The original FTP protocol specification requires the client computer to start a session by making an outbound connection to a server computer. When the client requests a file transfer or directory listing, the server computer initiates a data connection back to the client computer. This is known as "Active Mode" data transfer.
Modern firewalls are often configured to refuse incoming connections from remote computers. There are several approaches to resolving this issue:
Use "Passive Mode" for data transfers. Firewalls are more accepting of Passive Mode because the client initiates an outbound data connection rather than accepting an incoming connection from an external computer. You can only use this option if the server also supports Passive Mode.
If you are stuck with Active Mode, the /myipaddr=xx option of the FTPLOGON command may be used to force Robo-FTP to send your NAT router's public IP address instead of your client computer's private IP address to the FTP server in the PORT command. If you use this option you'll probably also need to use the /minport and /maxport options and then configure port forwarding on your router.
Upgrade your NAT router to one that is able to recognize and understand the FTP protocol. Many modern firewalls are able to parse the FTP control channel and open the necessary ports on-the-fly.
If you are using FTPS to send encrypted data, even a protocol aware firewall will not be able parse the FTP control channel. One possibility in this scenario is to leave control channel unencrypted by using the /servertype=FTPSCCC option of the FTPLOGON command.
Article last updated: 2022-01-07
Tags: NAT, router, Firewall, Robo-FTP, FTPS