Error connecting to FTP through a router

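I set up vsftpd in a docker container, and everything seems fine when connecting with the FileZilla client from inside the LAN. However, when I try to do the same from outside the LAN, I get the following error.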

Status: Disconnected from server
Status: Resolving address of mysite.com
Status: Connecting to 123.123.123.123:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   550 Permission denied.
Command:    PORT 192,168,1,18,237,37
Response:   500 Illegal PORT command.
Error:  Failed to retrieve directory listing

I think I have opened all the necessary ports on the router according to the vsftpd.conf file: 20-21 and 21100-21110

[root@0e69f6d47359 /]# vim /etc/vsftpd/vsftpd.conf
# Run in the foreground to keep the container running:
background=NO

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

## Enable virtual users
guest_enable=YES

## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

## PAM file name
pam_service_name=vsftpd_virtual

## Home Directory for virtual users
user_sub_token=$USER
local_root=/home/vsftpd/$USER

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES

# Workaround chroot check.
# See https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# and http://serverfault.com/questions/362619/why-is-the-chroot-local-user-of-vsftpd-insecure
allow_writeable_chroot=YES

## Hide ids from user
hide_ids=YES

## Set passive port address
pasv_addr_resolve=NO

## Enable logging
#xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
log_ftp_protocol=YES

## Enable active mode
port_enable=YES
connect_from_port_20=YES
ftp_data_port=20

## Disable seccomp filter sandboxing
seccomp_sandbox=NO

## Enable passive mode
pasv_enable=NO

## Make secure, per https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

#After this we configure the server to use TLS, which is actually a successor to SSL, and preferred:
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

#Finally, we will add some additional options to flesh out our configuration file:
require_ssl_reuse=NO
ssl_ciphers=HIGH

pasv_address=127.0.0.1
pasv_max_port=21110
pasv_min_port=21100

...but clearly something is wrong, and I'm not sure what needs to be adjusted?

Answer 1

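It looks like the server is refusing passive mode entirely. Are these lines the only configuration directives regarding passive mode that you have given in vsftpd.conf? In that case, you should add pasv_enable=yes.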

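Any hints about the network topology, as well as logs from the server and from a working connection attempt (from inside the LAN), would be very helpful.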

Edit: the conf file clearly shows pasv_enable set to NO; you should set it to YES, as I already said above.
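
An added example, not part of the original question or answer: a small Python check that reads the passive-mode settings of a vsftpd.conf and reports the ones that prevent a client outside the NAT from opening a data connection, plus a decoder for the PORT argument seen in the client log. The function names are illustrative, and SAMPLE is constructed from the passive-mode lines of the configuration posted in the question.

```python
import ipaddress

def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines; a later setting overrides an earlier one."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def is_on(conf, key, default):
    """vsftpd booleans accept YES/TRUE/1 (case-insensitive) as true."""
    return conf.get(key, default).upper() in ("YES", "TRUE", "1")

def decode_port(arg):
    """Decode an FTP PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = [int(x) for x in arg.split(",")]
    if len(parts) != 6 or not all(0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def lint_passive(conf):
    """Return findings that break passive mode for clients outside the LAN."""
    findings = []
    if not is_on(conf, "pasv_enable", "YES"):  # vsftpd default is YES
        findings.append("pasv_enable is off: the server refuses PASV")
    addr = conf.get("pasv_address")
    if addr:
        try:
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback or ip.is_private:
                findings.append("pasv_address %s is not reachable from outside" % addr)
        except ValueError:  # not an IP literal, so it must be resolved
            if not is_on(conf, "pasv_addr_resolve", "NO"):
                findings.append("pasv_address %s is a hostname but pasv_addr_resolve is off" % addr)
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if not 0 < lo <= hi:
        findings.append("no fixed pasv_min_port/pasv_max_port range to forward")
    return findings

# Constructed sample: the passive-mode lines from the question's vsftpd.conf.
SAMPLE = ("pasv_addr_resolve=NO\npasv_enable=NO\npasv_address=127.0.0.1\n"
          "pasv_max_port=21110\npasv_min_port=21100\n")

if __name__ == "__main__":
    for finding in lint_passive(parse_conf(SAMPLE)):
        print("WARN:", finding)
    # The client's fallback PORT command advertised a LAN address:
    print(decode_port("192,168,1,18,237,37"))
```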
