forwarding to ftp server

Sniedzins · March 6, 2007, 3:45pm

Hello!

I am writing, because I cannot get through Mikrotik’s router to the ftp server.. And, what else is interesting, the NAT rule O is not wirking as well.

I have just one real IP address. So to I need to make NAT rules, I supose, to get from internet to my ftp server, that does not have a real IP address.

Here are the NAT rules:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=5900
action=dst-nat to-addresses=x.x.x.14 to-ports=5900

1 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=25
action=dst-nat to-addresses=x.x.x.13 to-ports=25

2 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=110
action=dst-nat to-addresses=x.x.x.13 to-ports=110

3 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.180 to-ports=3389

4 chain=srcnat out-interface=ether1 action=masquerade

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21

1,2,3,4 rules ar working fine. 0 and 5 is not working at all. If I try to connect to my ftp server - rule 5, I can see using winbox, that router receives my demand. But it doesn’t let me through.

Any help?

Thank you!

jo2jo · March 6, 2007, 4:36pm

make sure the MT Ftp server is disabled…and try the netmap action. Should not matter, but ive been using netmap to do port fowarding for a while on many different MT routers.

Sniedzins · March 7, 2007, 8:05am

hello again!

well.. i am total beginner in RouterOS.. so.. could i as for a help how to use netmap action?

i would trully appreciate any help, because suddenly we need ftp server.. very quickly.. but i cannot get through router..

mneumark · March 7, 2007, 8:09am

Sniedzins,

At the very bottom of http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php they have a example of how to use netmap. It’s pretty easy and the example is easy to understand.

Diganet · March 7, 2007, 4:29pm

Sniedzins:

Hello!

I am writing, because I cannot get through Mikrotik’s router to the ftp server.. And, what else is interesting, the NAT rule O is not wirking as well.

I have just one real IP address. So to I need to make NAT rules, I supose, to get from internet to my ftp server, that does not have a real IP address.

Here are the NAT rules:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=5900
action=dst-nat to-addresses=x.x.x.14 to-ports=5900

1 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=25
action=dst-nat to-addresses=x.x.x.13 to-ports=25

2 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=110
action=dst-nat to-addresses=x.x.x.13 to-ports=110

3 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.180 to-ports=3389

4 chain=srcnat out-interface=ether1 action=masquerade

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21

1,2,3,4 rules ar working fine. 0 and 5 is not working at all. If I try to connect to my ftp server - rule 5, I can see using winbox, that router receives my demand. But it doesn’t let me through.

Any help?

Thank you!

To make VNC work you have to forward both port 5800 and 5900. Same goes with FTP. You need to forward port 20 and 21. Also be sure that both hosts (.13 and .26) have MT as their default gw.

It will work, it does here

/Henrik

kolorasta · September 18, 2007, 12:37pm

Sniedzins:

Hello!

I am writing, because I cannot get through Mikrotik’s router to the ftp server.. And, what else is interesting, the NAT rule O is not wirking as well.

I have just one real IP address. So to I need to make NAT rules, I supose, to get from internet to my ftp server, that does not have a real IP address.

Here are the NAT rules:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=5900
action=dst-nat to-addresses=x.x.x.14 to-ports=5900

1 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=25
action=dst-nat to-addresses=x.x.x.13 to-ports=25

2 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=110
action=dst-nat to-addresses=x.x.x.13 to-ports=110

3 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.180 to-ports=3389

4 chain=srcnat out-interface=ether1 action=masquerade

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21

1,2,3,4 rules ar working fine. 0 and 5 is not working at all. If I try to connect to my ftp server - rule 5, I can see using winbox, that router receives my demand. But it doesn’t let me through.

Any help?

Thank you!

I had the same problem… and i fixed it you have to specify the in-interface to the wan interface

in your case is ether1 (i guess so because it’s the out-interface in the masquerade) the rule #5 would be like this

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21 in-interface=ether1

now you can have an ftp server in your lan with external access and connect to any ftp server at the same time

dentwistle · September 20, 2007, 10:11pm

I had a similar issue and I setup a rule to allow related connections that way tcp port 20 the ftp data port is also allowed through. I found this when I was able to connect to the server but not retrieve any data from directory lookups and such. You might also want to turn on the ftp helper in the firewall settings.