Setup ftp server behind pfSense

Simple Port Forward to FTP Server

  1. Delete any FTP rules
  2. Setup the FTP server to have a narrow range for passive ports. Keep enough based on usage and FTP server requirements but as low as possible for security reasons. This may take some experimenting and tweaking. Exactly how to do this will vary based on the FTP server software.
  3. Set the passive IP response to respond with the PUBLIC IP address forwarded in pfSense. Again how to do this will vary based on FTP server and some do not have the capability.
  4. Create port forward rules to forward BOTH port 21 and the passive range specified on the FTP server to the local LAN IP of the FTP server.

See this article for better detail: Using NAT and FTP without a Proxy.