[Docs] Update VP proxy docs, ports, and diagram for #757

  - Add ports 6000 (file transfer) and 322 (RTSP camera) to Dockerfile
    EXPOSE and docker-compose.yml bridge mode port mapping
  - Update migration doc with new proxy mode port requirements
  - Regenerate proxy-mode-diagram.png with all proxied ports

Dockerfile

@@ -53,11 +53,13 @@ ENV DATA_DIR=/app/data
 ENV LOG_DIR=/app/logs
 ENV PORT=8000
 
+EXPOSE 322
+EXPOSE 990
 EXPOSE 3000
 EXPOSE 3002
+EXPOSE 6000
 EXPOSE 8000
 EXPOSE 8883
-EXPOSE 990
 EXPOSE 50000-50100
 
 # Health check (uses PORT env var via shell)

docker-compose.yml

@@ -10,8 +10,8 @@ services:
     # Override with: PUID=$(id -u) PGID=$(id -g) docker compose up -d
     user: "${PUID:-1000}:${PGID:-1000}"
     #
-    # Proxy mode: allow binding to port 990 (FTP) as non-root user.
-    # Without this, the FTP proxy silently fails and sending prints won't work.
+    # Proxy mode: allow binding to privileged ports (322, 990) as non-root user.
+    # Without this, the FTP and RTSP proxies silently fail.
     cap_add:
       - NET_BIND_SERVICE
     #
@@ -27,6 +27,8 @@ services:
     #  - "3002:3002"                  # Virtual printer bind/detect
     #  - "8883:8883"                  # Virtual printer MQTT
     #  - "990:990"                    # Virtual printer FTP control
+    #  - "6000:6000"                  # Virtual printer file transfer tunnel
+    #  - "322:322"                    # Virtual printer RTSP camera (X1/H2/P2)
     #  - "50000-50100:50000-50100"    # Virtual printer FTP passive data
     volumes:
       - bambuddy_data:/app/data

docs/migration-vp-ftp-port.md

@@ -1,11 +1,11 @@
-# Migration: Virtual Printer FTP Port Change (9990 -> 990)
+# Migration: Virtual Printer Port Changes
 
-## What Changed
+## FTP Port Change (9990 → 990)
 
 The Virtual Printer FTP server now binds **directly to port 990** instead of port 9990.
 Previously, an iptables `REDIRECT` rule was required to forward port 990 to 9990.
 
-## Why
+### Why
 
 The iptables `REDIRECT` target rewrites the destination IP to the **primary address
 of the incoming network interface**. When running multiple virtual printers on
@@ -16,6 +16,18 @@ when VPs have different access codes.
 By binding directly to port 990, iptables is no longer involved and each VP's
 FTP server correctly receives only its own traffic.
 
+## New Proxy Mode Ports (6000, 322)
+
+Proxy mode now requires two additional ports:
+
+| Port | Protocol | Purpose |
+|------|----------|---------|
+| 6000 | TCP/TLS | File transfer tunnel (verify_job + print uploads) |
+| 322 | TCP/TLS | RTSP camera streaming (X1/H2/P2 series) |
+
+These ports are proxied automatically — no iptables rules needed. If you have
+a firewall, ensure these ports are open between the slicer and Bambuddy.
+
 ## Migration Steps
 
 ### Linux (Native / systemd)