Secure FTP Login Issue: NAT Router Configuration for Passive Mode and Port Forwarding

FileZilla Server is a server that supports FTP and FTP over TLS which provides secure encrypted connections to the server. FileZilla supports TLS, the same level of encryption supported by your web browser, to protect your data. Kindly refer to this detailed guide on how to connect to a FileZilla Server: How to install and configure a FileZilla Server on Windows. In this article, we will discuss how to resolve “Secure FTP Login Issue: NAT Router Configuration Needed for Passive Mode and Port Forwarding”.

FileZilla Clients are available for Windows, Linux, and macOS, but the servers are available only in Windows. Both server and client support FTP and FTPS, while the clients can also connect to SFTP servers. To reiterate further, FTP is a TCP-based service exclusively and there isn’t a UDP component to FTP.

FTP is a service that utilizes two ports, a “data port” and a “command” port (also known as the control port). These are port 21 for the command port and port 20 for the data port.

This is not an error but a warning giving you some basic information you need. Once connected to the server, you’ll get a screen like below. It’ll give you some basic info about the server and also auto-detect if you are behind a NAT router.

- If you do not want to allow connections to your FTP server from the Internet, and wish to use it only in your local network only, you can ignore these passive mode settings that is needed to fix this issue.

You may also want to see how to access FTP Server from your browser: How to create a shortcut and access Filezilla from Windows Explorer.

Initial Configuration of FTP Server

When launched for the first time, it will ask you to configure the FTP server. Leave the Host (127.0.0.1) and admin port (14147) as default.

Type a new password (You will use this password for administering the FileZilla FTP server) and Press Connect.

You can also set this password at a later time under the Admin Interface Settings.

When you try to connect, you will be prompted with the following warning below. Note: By default Active Mode is the default mode for FTP.

To learn more about Active and Passive Mode, kindly refer to this guide “How to install and configure a FileZilla Server on Windows“.

Solution “NAT Router Configuration Needed for Passive Mode and Port Forwarding”

Click on the icon (settings) below to open the general preferences. Alternatively, you can also click on the Edit Menu and Settings

This will open the FileZilla options as shown below. Set the FTP connection port, this is the default port “21” anyways.

Navigate to the Passive mode settings and check to use the custom port range.

If you do not want to allow incoming connections on all ports or if your FTP server is behind a NAT router, you need to configure FileZilla Server to use a specific range of ports for passive-mode connections say from 1000-2300 etc. These ports must then be opened on the firewall. If you have a NAT router, you need to forward these ports to the local machine where FileZilla Server is installed.

Create user accounts and shared folders Secure FTP Login

Create a user by using the Add button as shown below. Now that the account has been created, we will need to create a password. Select the user and create a password for it as shown below.

Click on the shared folders and click on Add, select the folder and assign the needed permissions.

When you are done, click on Okay.

Configure the Windows Firewall: You will need to open the FTP port on the Windows firewall (or on other firewalls if necessary). Here we have chosen the default port, 21, but it can obviously be any other port. If you are working in a cloud environment, you will need to configure additional rules to permit external connection.

Enter the program part and follow the needed steps. You may want to see this guide on how to create a Windows firewall rule on Windows or “how to resolve request timed out when pinging“.

Connect to a Filezilla Server from Windows: 

If you do not want to allow connections to your FTP server from the Internet, and therefore for use in the local network only, you can ignore these passive mode settings.

To download the FileZilla client, you will need to download the FileZilla client installer from the Filezilla site.

Follow through the installation steps and on the “Choose Start Menu Folder” as shown below, click on Install.

When the installation is complete, launch the FileZilla client and connect as shown below. You should now be able to connect to your FTP server from a different device or on the same host as shown below.

Kindly “login” with the username and passwords you have set. If you have configured FTP over TLS, you should be able to connect to the FTP server with FTPS to utilize encryption.

When prompted with the following notification below, click on Ok as we are already aware of this issue.

As you can see below, we have successfully connected to the FileZilla server via the FileZilla client.

Note: You can also connect to your FTP server via the Command Prompt as shown below. All you need to do is type “ftp <filezilla server IP>” and click on enter.

As you can see below, the connection to the FileZilla server was successful.

I hope you found this blog post on “Secure FTP Login Issue: NAT Router Configuration Needed for Passive Mode and Port Forwarding” helpful. If you have any questions, please let me know in the comment session.