try urging the portforwarding option then
according to the info above:
winscp wouldn’t work too, since it uses ssh protocol.
ok then, according to the previous post, there is no official way, as of now.
You can hack you device though. You can try SSH or even re-flash your Shield with full MOX firmware. By doing manual changes you may loose smooth update (automatic update will overwrite your manual config) & eventual Shield-intended support.
mox firmware supports everything you need. shield firmware is a stripped version of it IIUC
One important note:
what many users often miss, and keep forgetting, when they do port forwarding, is that they open the port to the whole world - all the millions of bad guys worldwide. That is not good idea at all. Why not to limit the access to IPs you need to use? like if you need to connect from work to home, you will limit the port to accept connection from you work IP:
config redirect
option name 'RDP from office'
option target 'DNAT'
option proto 'tcp'
option src 'wan'
option src_ip '130.117.15.162'
option src_dport '3389'
option dest 'lan'
option dest_ip '192.168.1.11'
option dest_port '3389'
that is often missing - option src_ip '130.117.15.162'
even on Firewall configuration (plugin) for port forwarding (#150) · Issues · Turris / Foris Controller / foris-controller · GitLab it is missing.
Or, if you need to connect home from mobile network, you will find (or ask your provider for) their IP address pool. For example for Tmobile CZ you will find you mobile behind IPs 93.153.42.167, 78.80.20.111, 37.48.12.201, 37.48.3.153. In worst case you can allow access for whole Tmobile network, what you can find on RIPEstat - Announced Prefixes.
It is still much much better than opening your devices to the Most evil countries
The dynamic firewall on turris devices is designed to protect you exactly from this.
Restricting port forwarding to source IP/ranges is of course a good idea.