Firewall without NAT

Hey!

Hope this shouldn’t be posted in the beginners forum, since I’m quite a hacker :smiley:
We have bought an RB1100 that we will use for our local-net, a few DMZ-zones and guest networks.
The setup has been more or less straight through. But I have a problem setting up a public FTP-server as intended.
We have the FTP-server as the only device in one of our DMZ-zones. I want to have one of our public IP-addresses directly assigned to the server, but still firewalled by the routerboard.

I don’t understand how to implement this.
We have a public /28-net; 6 of the IPs are set up and used atm, using NAT to private nets with src/dst-nat to publish services. So the plan is to “forward” one of the public IPs, via VLAN or eth-port, to the FTP after passing the firewall.

Is this possible?

Hi,

r using Dst Nat rule for Nat inside.

This depends on whether your provider is routing or bridging the subnet to you. If they are ARPing for those IPs directly on your WAN interface, then you don't have the option of just routing it one more interface down the line. You have to use NAT, or proxy-ARP, or some other less optimal hack.

What's the issue with NAT and FTP? Is the data port not getting forwarded properly? You might just need some established / related rules to allow things through using the FTP helper.
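
The proxy-ARP option and the established/related rules mentioned in the last reply, as an added RouterOS sketch that is not part of the original thread. Assumptions: the provider bridges the /28 to the WAN port, `ether1` is WAN, `ether5` is the FTP DMZ port, the addresses are documentation placeholders (203.0.113.0/28, server 203.0.113.10, provider gateway 203.0.113.1), and the syntax is RouterOS v6 or later.

```routeros
# Added example. Interface names and all addresses are placeholders.
# The server keeps its public address: 203.0.113.10/28, gateway 203.0.113.1.

# Answer ARP on the WAN side for the server, and on the DMZ side for the
# provider gateway, so neither end notices the router sitting in between.
/interface ethernet set ether1 arp=proxy-arp
/interface ethernet set ether5 arp=proxy-arp

# Host route: the one public address that lives behind ether5.
# Proxy-ARP on ether1 only answers for addresses routed via another interface.
/ip route add dst-address=203.0.113.10/32 gateway=ether5 comment="FTP DMZ host"

# FTP connection-tracking helper: watches the control channel on port 21 and
# marks the negotiated data connections as "related".
# It cannot do this for FTPS, where the control channel is encrypted.
/ip firewall service-port set ftp disabled=no ports=21

/ip firewall filter
# Replies, plus FTP data connections the helper marked as related.
add chain=forward connection-state=established,related action=accept \
    comment="established/related incl. FTP data"
add chain=forward connection-state=invalid action=drop comment="drop invalid"

# Only new inbound connections to the FTP control port reach the server.
add chain=forward in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    dst-port=21 connection-state=new action=accept comment="FTP control"

# Everything else addressed to the server is dropped, so the public address
# stays firewalled even though no NAT is involved.
add chain=forward dst-address=203.0.113.10 action=drop \
    comment="default deny to FTP host"

# DMZ isolation: the server may start connections towards the Internet only,
# never towards the local or guest networks.
add chain=forward in-interface=ether5 out-interface=!ether1 action=drop \
    comment="FTP DMZ may not reach internal nets"
```

Rule order matters: these rules have to sit above any broader accept rules already in the forward chain, and existing src-nat rules should match only the private source ranges so the server's traffic leaves with its own public address.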