FTP NAT rule

Ixo · December 7, 2012, 7:51pm

Hi there,

Sorry if I ask the question that is already answered. I did search but didn’t find anything.

I created a NAT rule for port 21 to access my server inside my network from outside.
Chain: dstnat
Protocol: tcp
Dst Port: 21
Action: dst-nat
To Address: 192.168.0.12
To Ports:21

It worked for me so I was happy, until I tried to access another FTP server from my own computer inside the network (192.168.0.10). It looks like port is getting forwarded back to my server no matter what hostname/IP I use.

Can you please tell me what am I doing wrong?

Appreciate any feedback.

grizly · December 11, 2012, 3:43am

Can you show us the rule you are using?

 /ip firewall nat print chain=dstnat

Refer here for specific guidance: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP

Note, FTP generally requires port 20 as well.

Don’t forget to disable the FTP server in MicroTik

/ip service disable ftp

Also, you will need to specify either an in-interface or a dst-address so it knows how to translate it (from what to what basically).

cbrown · December 11, 2012, 3:48am

You need to specify on your nat rule “in-interface” of your WAN interface. Right now your rule is natting everything dst for port 21.

Ixo · December 19, 2012, 11:58pm

Thanks for suggestions.
And special thanks to cbrown. That was it. I knew it was something I was missing. Still learning Mikrotik. It’s a great device.