Allowing FTP In (Yes, I hate it)

I have a client with a Unifi USG-Pro-4 router/firewall. They have a specific application that requires ports 20, 21, and 23 open inbound via a port forward.

I’ve created all the port forwards, and the system created the firewall rules. All is “allowed.”

When I test port 23 from the Internet, it shows as open. But ports 20 and 21 both show as closed.

Is there something somewhere that would deny these FTP ports by default that I’m missing? I can’t find anything. Is it possible the ISP (Comcast) is blocking this?

It worked for a long time- not sure when it stopped (some time in early 2021). They only use this system once per month for some sort of reporting.

All my other port forwards (for DVR’s and such) are working fine- just these two ports are an issue. And I’ve recreated the port forwards just in case there was some sort of corruption.

Thoughts appreciated.

Hard to say for sure, but many providers block a few ports on consumer service such as 25, FTP might be one of them.

Can you reach those ports internally?