Can't use ftp client next to FTP server

Hi all,

I have an FTP server running and all is working with the following rules:

/ip firewall filter
add action=accept chain=forward comment="FTP access" disabled=no dst-port=21,65400-65420 protocol=tcp

/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=21 protocol=tcp to-addresses=192.168.179.8

/ip firewall service-port
set ftp disabled=no ports=21

Unfortunately, this configuration also blocks any outgoing FTP sessions. My guess is that all traffic on port 21 is redirected to my server, including the returning traffic from my local sessions to the internet.

What is the correct way to solve this?

Yes, you need to add an accept rule for traffic coming from the server, so that it is not dstnated back.

Sounds logical. How can I recognize this traffic?

(Remember, it is the beginners section :) )

You need to set the dst-address on the dstnat rule, or it will dstnat everything.

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=21 protocol=tcp to-addresses=192.168.179.8 dst-address=x.x.x.x

Change the x.x.x.x to your public IP.

This does the trick. Thanks.
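
Added example, not part of the thread: a small Python model of the two dst-nat rules above, showing why the rule without dst-address captures a LAN client's outgoing FTP connection, plus a lint check for such unscoped rules. The addresses 203.0.113.10 (standing in for the public IP) and 198.51.100.7 (a remote FTP server) are constructed, and only the protocol, dst-port and dst-address matchers are modelled.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Turn one 'add key=value ...' line from a NAT export into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def port_matches(spec, port):
    """RouterOS-style port list: '21' or '21,65400-65420'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def dstnat(rule, pkt):
    """Return the packet's destination after the rule is applied.
    Only protocol, dst-port and dst-address are modelled (a simplification)."""
    if rule.get("protocol", pkt["protocol"]) != pkt["protocol"]:
        return pkt["dst"]
    if "dst-port" in rule and not port_matches(rule["dst-port"], pkt["dport"]):
        return pkt["dst"]
    if "dst-address" in rule:
        net = ipaddress.ip_network(rule["dst-address"], strict=False)
        if ipaddress.ip_address(pkt["dst"]) not in net:
            return pkt["dst"]
    return rule.get("to-addresses", pkt["dst"])

def is_overbroad(rule):
    """Flag dst-nat rules with no matcher that limits them to inbound traffic."""
    scoping = {"dst-address", "dst-address-type", "in-interface", "in-interface-list"}
    return rule.get("action") == "dst-nat" and not scoping & rule.keys()

# Constructed sample values (see lead-in); the rules mirror the two in the thread.
ORIGINAL = parse_rule("add action=dst-nat chain=dstnat dst-port=21 protocol=tcp "
                      "to-addresses=192.168.179.8")
FIXED = parse_rule("add action=dst-nat chain=dstnat dst-port=21 protocol=tcp "
                   "to-addresses=192.168.179.8 dst-address=203.0.113.10")
OUTBOUND = {"protocol": "tcp", "dst": "198.51.100.7", "dport": 21}  # LAN client -> internet
INBOUND = {"protocol": "tcp", "dst": "203.0.113.10", "dport": 21}   # internet -> router

if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "overbroad:", is_overbroad(rule),
              "| outbound ->", dstnat(rule, OUTBOUND),
              "| inbound ->", dstnat(rule, INBOUND))
```

Running `is_overbroad` over every `add` line of an `/ip firewall nat export` gives a quick audit for port forwards that would also rewrite outbound traffic.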