DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Newbie issue with ftp not writing to local file

20 Feb 2023 17:22 #1 by muddyw
Changes to our small business have meant that I have had to move some of our office network setup to my home. I am not an IT pro and have superficial knowledge of IT networking. I bought a BT business fibre connection and bought the DrayTek Vigor2865AC to replace the limited firewall on the BT Smarthub 2. I've got it set up and running with a PC, a tablet and a laptop accessing the internet through the wireless connection. I also have a file server plugged into one of the DrayTek ethernet ports that is part of a WAN-wide digital file content delivery network (CDN). In the past we have used FTP from inside the office LAN to send content to the server and then used the online web-based Cpanel of the CDN to set up the delivery to other nodes on the WAN-wide CDN. The CDN connection is through a couple of firewall rules allowing access by specific WAN IPs. This has been verified as visible on the CDN and appears to be set up correctly.

In order to upload files to the server for onward delivery through the CDN I have set up an SSL VPN tunnel using the DrayTek client with all the defaults and can successfully connect to the LAN-side file server from the internet and then use FileZilla to FTP into the file server. I can transfer files and they pass through fine. However, after transferring, the files don't write to the server and the transfer fails with "critical error" and an error message on FileZilla that it "cannot write to local file". I've tried editing my firewall rule to open all the ports and even allowing everything through to test if the firewall rule was causing the issue but still the files will not write to the local file. I can successfully transfer files to the server if I connect the donor PC to the LAN and FTP from there. Can anyone advise on what might be causing the problem when I try to FTP through the VPN from the WAN and how to fix it? Thanks

21 Feb 2023 12:32 #2 by tfgst
Which ports do you have open? Remember with FTP there is more than one port which needs to be opened.

21 Feb 2023 15:35 #3 by muddyw
Thank you for your reply tfgst. I've tried transferring a file with all filter rules disabled on the router (i.e. all ports open as I understand it) but the issue still occurs.

I checked online and apart from disk space issues (which I have ruled out) the following advice on a "cannot write to local file" following FTP transfer was given.

• The permissions on the folder (on the FTP server) do not allow this user to store files in it

I've asked the server admin if there are any rules on the server for VPNs and he has replied that there aren't. He asked me if passive FTP 49152 to 49162 were open, but as I explained above I tried with only the default "pass" rule active and the problem still occurs so my understanding is that ports 49152 to 49162 were open by default.

21 Feb 2023 16:39 #4 by tfgst
Is port 21 open?

21 Feb 2023 18:54 #5 by muddyw
Here are the settings of the rule I have to allow ftp to the Server. I did have it set to 21 but have now just kept it open while I troubleshoot for the solution.

Direction: WAN -> LAN/DMZ/RT/VPN
Src IP: Any
Dst IP: (LAN Static IP of Server)
Service Type: Any
Action: Pass Immediately

The rule below this one is a block all.

21 Feb 2023 23:50 #6 by tfgst
I really am not an expert on this, but why have you created a firewall rule and not used either port redirection or open ports under the NAT heading?


As a temporary measure, have you tried putting the device into a DMZ and seen if that works?


I had a fairly similar issue and in the end had to use Wireshark to see what ports the sender was sending data to me on. In my case, port 21 was the comms port and then I had to open 55551 > 56495.

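The port discovery described in post #6 can also be done from the FTP client's message log, because the server's 227 (PASV) and 229 (EPSV) replies announce the data port the client must reach. The sketch below is an added example, not code from any poster or from DrayTek; the log lines and addresses are constructed, and the default allowed range is the 49152 to 49162 passive range quoted in post #3.

```python
import re

# 227 reply (RFC 959): "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"\b227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# 229 reply (RFC 2428): "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"\b229\b.*?\((.)\1\1(\d+)\1\)")

def data_endpoint(line):
    """Return (host, port) announced by a 227/229 reply, or None.
    host is None for EPSV, which reuses the control connection's address."""
    m = PASV_RE.search(line)
    if m:
        h1, h2, h3, h4, p1, p2 = map(int, m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            return None  # malformed reply, ignore it
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.search(line)
    if m:
        port = int(m.group(2))
        return (None, port) if 0 < port < 65536 else None
    return None

def audit(log_lines, allowed=range(49152, 49163)):
    """List every announced data port and whether the rule range covers it."""
    findings = []
    for line in log_lines:
        ep = data_endpoint(line)
        if ep:
            host, port = ep
            findings.append((host, port, port in allowed))
    return findings

# Constructed sample log (not from the thread); addresses are placeholders.
SAMPLE_LOG = [
    "Command:  PASV",
    "Response: 227 Entering Passive Mode (192,168,1,50,192,5)",
    "Command:  EPSV",
    "Response: 229 Entering Extended Passive Mode (|||55551|)",
    "Response: 226 Transfer complete",
]

if __name__ == "__main__":
    for host, port, ok in audit(SAMPLE_LOG):
        print(f"data port {port} (host {host or 'same as control'}): "
              f"{'inside' if ok else 'OUTSIDE'} allowed range")
```

Knowing the announced ports lets the firewall rule name port 21 plus the server's passive range instead of leaving the service type open to everything.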