Well, you cant do it there, because you need to adjust the firewall
rules implemented ON the vpn qube.
>
> > What method are you using to set up the vpn?
> >
>
> I used the new community vpn setup
>
Right - but there are 2 methods outlined on that github page (if that's what
you mean by community vpn) - 3 if you include "vpn on sys-net". Did you
follow the "iptables and CLI scripts" section?
There's an added issue that you will have to consider and that is the
nature of FTP connections - when a client connects to a server, the
server may create a link back to a port specified in the original
connection: this is non-passive(active) ftp. If your FTP server does
this then you will have to enable a route through to the client qube.
The client may instead send a PASV command - then the server *may* send
back a listening port number, and the client will create a link to that
port.
So there are 4 possibilities, and the firewall rules you need will
depend on what are the capabilities of the server. Best check on that.