1. First you have to find out the IP address of your FTP server, as shown in Figure 1 below. If you don't know what is your network's structure (whether it is behind a router or a firewall), you can figure it out by the IP address of the FTP server.
If the IP address is private IP within 192.168.*.* or 10.*.*.* or 172.13.* .*- 172.32.*.*, then the server could be located behind a NAT device (ADSL/Cable router is the most common NAT device). Users from the public internet could not access your FTP server directly using this private IP. Since your server is located behind a NAT device, the NAT device must have a WAN interface with a public IP address, which is accessible by users from the public internet. You have to set up the FTP server to use WAN interface IP or domain name of this WAN interface.
However, if your FTP server's IP is not within the above private IP ranges, your server must already use public IP. So your FTP server could only be behind a firewall, in that case you may only need to open a range of PASV ports for your FTP server.
Figure 1. How to find your FTP server's IP address?
2. You need to find out your ADSL/Cable router's WAN interface IP. If your ISP doesn't give you a fixed IP address to WAN interface, you will need to apply a DDNS name (dynamic domain name service) for WAN interface. So users will always access your FTP server by this domain name. You could apply a free DDNS name from DDNS service provider such as dyndns.org, NO-IP.com etc. In this example, we use the account "testuser" of DynDNS.org and the DDNS name "myftp.blogdns.org" for WAN interface. Many routers had embedded some popular DDNS service providers. We use the Linksys router in Figure 2 as an example to show how to set up a DynDNS.org account for DDNS support.
Figure 2. Setup DDNS support for the DynDNS.org account in the Linksys router
3. You have to choose a range of ports used for passive mode (you could find the answer from Google, if you don't know what is passive mode in FTP). You would better choose a port range above 10000 since it will reduce chance of ports conflicting with other applications. In this example, we choose port range 60010 - 60030.
4. You have to set up the above DDNS and passive port ranges for your FTP server. Go to "Global Options->General->NAT and Firewall" as shown in Figure 3.
Figure 3. NAT and firewall settings
Click the "Setup..." button in Figure 3. Set passive port range and the domain name of WAN interface as shown in Figure 4.
Figure 4. Passive port range and WAN interface domain name
5. Now you have to set up port forwarding inside router. The purpose of port forwarding is to open up ports in the router so that outside traffic to the opened ports will be forwarded directly to the internal FTP server.
Before setting up port forwarding inside the router, you must make sure the machine of your FTP server is using fixed IP instead of dynamic IP from DHCP.
This is very important because port forwarding requires destination IP to be fixed. If your server is using dynamic IP from DHCP, the next time the IP changes, port forwarding settings will become invalid.
In our example, the machine of the FTP server is using the fixed private IP 192.168.15.110.
Then you have to set up port forwarding for both standard FTP control port 21 and passive mode port range 60010-60030. We use the Linksys router as shown in Figure 5. Different routers may have different menus for port forwarding, so you may need to read router manual. Note, that some special types of firewalls may require opening outgoing port 20, please check the troubleshooting section below for detailed information.
Figure 5. Setup port forwarding for FTP server inside Linksys router