This may assist
Can we edit the connection tracking module for FTP to use a port number other than TCP/20/21?
Scenario: We have a server that runs an FTP service listening on TCP/10248. Our clients connect to that server on that port and FTP files to us for daily processing. The problem is that the FTP protocol sends a command (either PORT or PASV, depending on settings) that includes the IP address of the server or client that the other side should connect to. When FTP runs over TCP/21, the SG does “connection tracking” to mangle the PORT or PASV command, changing the IP address in the payload to the proper NAT address. That is, if the server sends the PASV command (something like: PASV (10,240,0,16,51,230)), the SG will change the payload to read PASV (65,213,255,98,51,230) and open and forward the appropriate ports so that the FTP client connects to the proper address, instead of attempting to connect to the internal NAT address.
However, if the FTP service is running on a port different than TCP/21, for example TCP/10248, then the connection tracking does not occur, and the remote client attempts to connect to the internal NAT address, which of course won’t work.
Solution: In the ‘start’ file in /etc/config, place the following lines:
insmod -o ip_conntrack_ftp_10248 ip_conntrack_ftp ports=10248
insmod -o ip_nat_ftp_10248 ip_nat_ftp ports=10248
That way, insmod loads the modules needed with the proper port parameters at start.
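The payload rewrite described in the scenario, as a simplified model. This is an added example, not part of the original post and not the SG's or the kernel module's code; the function name `nat_rewrite` and the `helper_ports` parameter (standing in for the module's ports= setting) are hypothetical.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 as carried in PORT/PASV payloads.
TUPLE_RE = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def nat_rewrite(line, control_port, internal_ip, public_ip, helper_ports=(21,)):
    """Model of the FTP NAT helper.

    Returns (line_on_wire, data_port). data_port is the port the gateway
    must open and forward, or None when the payload was left untouched.
    helper_ports is a hypothetical stand-in for the module's ports= parameter.
    """
    # The helper only inspects control connections on its configured ports.
    if control_port not in helper_ports:
        return line, None
    m = TUPLE_RE.search(line)
    if m is None:
        return line, None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return line, None  # malformed tuple: pass through unchanged
    if ".".join(str(n) for n in nums[:4]) != internal_ip:
        return line, None  # address is not the NATed host
    data_port = nums[4] * 256 + nums[5]  # port is encoded as p1*256 + p2
    rewritten = line[:m.start(1)] + public_ip.replace(".", ",") + line[m.end(4):]
    return rewritten, data_port

if __name__ == "__main__":
    # Addresses and payload taken from the scenario above.
    payload = "PASV (10,240,0,16,51,230)"
    internal, public = "10.240.0.16", "65.213.255.98"
    # Control connection on TCP/21: rewritten, data port forwarded.
    print(nat_rewrite(payload, 21, internal, public))
    # Control connection on TCP/10248 with default ports: internal address leaks.
    print(nat_rewrite(payload, 10248, internal, public))
    # Same connection once the helper is told about port 10248.
    print(nat_rewrite(payload, 10248, internal, public, helper_ports=(10248,)))
```
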