Make FTP Active Mode Passive

First thing I should say is about the FTP active/passive mode, or say PORT/PASV mode.
We can read the differences from wikipedia or Active FTP vs. Passive FTP, a Definitive Explanation.

The two mode indicates who initialise the data connection and the active/passive is used to describe server’s action.
Active mode: server create a connection to the port client gives.
Passive mode: server receive a connection from a client.

I saw a program implements its own ftp client, only active mode is supported, which means the server must have a *direct* access to any port client tells server to connect to, and the program is NOT patchable.
I need to make this program running behind a router and many many levels of VPN/PPPoE servers, if I want ftp client working, I have to set up lots of NAT and port forwarding, if I have more than one client, I may need dynamic port forwarding, that is a bad solution.

CLIENTS ======> VPN/PPPoE Server 1 =======> VPN/PPPoE Server 2 =======> VPN/PPPoE Server 3 =======> SERVER NETWORK

Good news is the FTP server supports passive mode, if I can set up a proxy/gateway in the same subnet clients locate, which can forward the active mode to a passive mode connection, clients may work.

CLIENTS =======FTP=ACTIVE=MODE======> PROXY/GATEWAY ======FTP=PASSIVE=MODE======> SERVER

I found a FTP proxy: jftpgw.

jftpgw is an FTP proxy/gateway that uses the FTP protocol (unlike those FTP proxies that fetch an FTP file but work as an http proxy). You can use it to make servers behind a firewall/NAT server (masquerading server) accessible or to allow users behind such solutions to transfer files to and from the outside of the LAN.

Environment

Remote FTP Server IP/Port: 10.200.3.3/21
FTP account/password: aaaaaa/bbbbbb

VPN/PPPoE Server: 172.16.10.1
VPN/PPPoE Subnet: 172.16.20.0/24
PPPoE device on Server: ppp2560 (by setting up unit in peers’ config)

PPTP/L2TP: Notes: PPTP/L2TP Server on Ubuntu
PPPoE: Set up PPPoE Server on Ubuntu

Configuration

jftpgw

iptables

This should be set up at VPN Server 1 to hijack connections and forward to local ftp proxy.

Make FTP Active Mode Passive by @sskaje: https://sskaje.me/2014/07/ftp-active-mode-passive/

Incoming search terms: