USG60 port forwarding (SFTP/FTP) does not work anymore

Pedro_vdePedro_vde Member Posts: 17  Freshman Member

Hello,

recently we changed the settings of our FTP server from serving plain FTP to SFTP. Initial test seemed to work, but now the forwarding seems to be stopped by our USG60.

When testing a login directly to the servers IP from the internal network the connection works, but when using the URL and thus coming in by the WAN the FTP-client gives an error that the connection is expired after 20 seconds of inactivity, Error: Cannot connect to server.

I have this settings regarding the NAT:

The Internal IP is set to "SynologyFTP":

When I connect using this IP-address from the lan, the connection works using both ports 21 & 22.

When I check the open ports on our domain or fixed IP address both ports seems open.

Anyone any suggestions or solutions?

Best Answers

  • Pedro_vdePedro_vde Member Posts: 17  Freshman Member
    Accepted Answer

    --- PROBLEM SOLVED ---

    I had changed the incoming port on the Synology to port 115 in one of the attempts before and forgot to put it back to port 22. Stupid me...

    anyway the solution to this issue:

    USG is using port 22 for SSH, Synology uses port 22 standard for SFTP access. USG was thinking that an FTP-user would try to login to the USG and overruled the port forwarding NAT. USG rejected the attempt.

    I've changed the USG SSH port to another port and have a NAT that forwards port 22 from the WAN to the Synology with the corresponding Security Policy.

  • Pedro_vdePedro_vde Member Posts: 17  Freshman Member
    Accepted Answer

    --- PROBLEM SOLVED ---

    When attempting to solve the issue in one of the previous steps, I've changed the SFTP incoming port on the Synology to 115. I forgot about that. Changed back to port 22 and the problem is solved.

    The issue was caused by the fact that the USG uses port 22 as the standard port to access SSH. I've changed the SSH port - as suggested by @USG_User - to another port.

    I have a port forwarding NAT for port 22 that goes to the Synology with the according Security Policy and the setup is working now.

    Thanks to @USG_User and @PeterUK to think along!

«13

All Replies

Sign In to comment.