Opened 5 years ago

#11605 new Feature request

Allow specifying LAN addresses to be treated as external in PASV PORT

Reported by: A. Glez. B. Owned by:
Priority: low Component: FileZilla Server
Keywords: Cc:
Component version: Operating system type: Windows
Operating system version: Windows 10 Enterprise LTSB


When running in a home network with the ports mapped in the router FileZilla Server can't tell whether a connection is comming from the LAN or the Internet.

Look at this example setup:

  1. FileZilla Server Host
    • LAN IP:
    • FTP Port: 21
    • PASV settings:
      • Port Range: 5000-6000
      • Retrieve external IP address from: selected
      • Don't use external IP for local connections checked
  2. Network Router/Firewall
    • External IP: (dynamic)
    • LAN IP:
    • Mapped:
      • TCP 21 to port 21
      • TCP 5000-6000 to range 5000-6000

This is very common for home and small businesses where NAT is not available and the IP is dynamic.

Since the external IP is dynamic Retrieve external IP address from: is the only acceptable option. If you uncheck Don't use external IP for local connections most connections from LAN will fail because most household routers I've seen don't handle LAN -> External IP connections properly. This is most noticeable when the router was provided by your ISP so you can't tweak it or update the firmware.

The issue here is that passive connections comming from respond with PORT 192,168,0,5,XX,YY instead of PORT 200,200,200,200,XX,YY because FileZilla server has no way of knowing those connectios are actually comming from the outside.

Fortunately modern clients will properly handle cases where the PORT response us pointing to LAN IP addesses but not all do.

What I'm requesting is a way to tell FileZilla Server which LAN IP addresses should be treated as external when sending PASV PORT responses.

In the previos example we add:

  1. FileZilla Server Host
    • PASV settings:
      • External LAN IPs:

Then the responses are:

  • source: except response PORT 192,168,0,5,XX,YY
  • source: response PORT 200,200,200,200,XX,YY

This can be extended to support more complex scenarios but those are outside the scope of this request.

Change History (0)

Note: See TracTickets for help on using tickets.