ftp port fowading

RouterOS Forwarding Protocols
1

ok i have the following problem on my network i cannot connect to my ftp using my command prompt but i can connect using my gui windows based internet explorer,if got ospf setted up on all 7 of my routers,i can connect and enter username and password but the error i get when connecting throw my command prompt when doing ls like list directorys is:

500 illegal port command
425 unable to build data connection; operation timed out

aney ideas?

2

that means that related data connection cannot be created. check if you have nat somewhere in the middle and nat helper is disabled, or you have to switch to passive mode, if you are not already using that.

3

where do i disable nat helper?

4

http://wiki.mikrotik.com/wiki/Manual:IP/Services#Service_Ports
But you want the helper ENABLED on all routers that do NAT. Not that you should be doing NAT on more than one router (the border router where traffic from your AS exits to the Internet).

5 
/ip firewall service-port

But I think that janisk was asking to check if it is not disabled somewhere - it should be enabled for active FTP connection to be established :wink:.

edit: Yeah, fewi was faster :slight_smile:.

6

ok i already did that thought it was something else i will build a diagram and paste it now

7

ok here is my main router: rout print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 41.134.110.9 1
1 A S 10.0.0.0/24 192.168.45.3 110
2 A S 10.1.1.0/24 192.168.45.3 110
3 ADC 41.134.110.0/28 41.134.110.10 ether1 0
4 A S 192.168.11.0/24 192.168.45.3 110
5 ADC 192.168.13.0/24 192.168.13.1 bridge1 0
6 A S 192.168.20.0/24 192.168.45.3 110
7 A S 192.168.30.0/24 192.168.45.3 110
8 ADC 192.168.45.0/24 192.168.45.1 ether5 0
9 A S 192.168.50.0/24 192.168.45.3 110
10 A S 192.168.88.0/24 192.168.45.3 110

firewall:

0 ;;; All-Internet
chain=srcnat action=masquerade out-interface=ether1

1 ;;; Loop-Back
chain=srcnat action=masquerade protocol=tcp src-address=192.168.45.0/24 dst-address=192.168.88.2

2 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-25 protocol=tcp dst-address=41.134.110.1 dst-port=20-25

3 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=41.134.110.1 dst-port=443

4 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=2040-2050 protocol=tcp dst-address=41.134.110.1 dst-port=2040-2050

5 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=41.134.110.1 dst-port=6080

6 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=41.134.110.1 dst-port=9091

7 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80-81 protocol=tcp dst-address=41.134.110.1 dst-port=80-81

8 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203-3206 protocol=tcp dst-address=41.134.110.1 dst-port=3203-3206

9 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=41.134.110.1 dst-port=5900-5935

10 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6020 protocol=tcp dst-address=41.134.110.1 dst-port=6000-6020

11 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=41.134.110.1 dst-port=6080

12 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=41.134.110.1 dst-port=7000

13 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8061 protocol=tcp dst-address=41.134.110.1 dst-port=8061

14 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=41.134.110.1 dst-port=8080-8082

15 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=41.134.110.1 dst-port=9091

16 chain=dstnat action=dst-nat to-addresses=10.1.1.2 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8292

17 chain=dstnat action=dst-nat to-addresses=10.1.1.1 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8293

18 chain=dstnat action=dst-nat to-addresses=192.168.20.1 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8294

19 chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8295

20 chain=dstnat action=dst-nat to-addresses=10.0.0.1 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8296

21 chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8297
– [Q quit|D dump|down]

router 2:

0 A S 0.0.0.0/0 192.168.45.1 1
1 A S 10.0.0.0/24 10.1.1.1 110
2 ADC 10.1.1.0/24 10.1.1.2 wlan1 0
3 A S 41.134.110.0/28 192.168.45.1 110
4 A S 192.168.11.0/24 10.1.1.1 110
5 A S 192.168.13.0/24 192.168.45.1 110
6 A S 192.168.20.0/24 10.1.1.1 110
7 A S 192.168.30.0/24 10.1.1.1 110
8 ADC 192.168.45.0/24 192.168.45.3 ether1 0
9 A S 192.168.50.0/24 10.1.1.1 110
10 A S 192.168.88.0/24 10.1.1.1 110

firewall:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

router 3:

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 10.1.1.2 1
1 A S 10.0.0.0/24 192.168.20.1 110
2 ADC 10.1.1.0/24 10.1.1.1 wlan1 0
3 A S 41.134.110.0/28 10.1.1.2 110
4 A S 192.168.11.0/24 192.168.20.1 110
5 A S 192.168.13.0/24 10.1.1.2 110
6 ADC 192.168.20.0/24 192.168.20.2 ether1 0
7 A S 192.168.30.0/24 192.168.20.1 110
8 A S 192.168.45.0/24 10.1.1.2 110
9 A S 192.168.50.0/24 192.168.20.1 110
10 A S 192.168.88.0/24 192.168.20.1 110

firewall:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

router 4:

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 192.168.20.1 192.168.20.2 1
1 A S 10.0.0.0/24 192.168.30.2 110
2 A S 10.1.1.0/24 192.168.20.2 110
3 A S 41.134.110.0/28 192.168.20.2 110
4 ADC 192.168.11.0/24 192.168.11.1 ether3 0
5 A S 192.168.13.0/24 192.168.20.2 110
6 ADC 192.168.20.0/24 192.168.20.1 ether2 0
7 ADC 192.168.30.0/24 192.168.30.1 ether1 0
8 A S 192.168.45.0/24 192.168.20.2 110
9 A S 192.168.50.0/24 192.168.30.2 110
10 A S 192.168.88.0/24 192.168.30.2 110

firewall:

0 chain=srcnat action=masquerade

router 5:

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 192.168.30.1 1
1 ADC 10.0.0.0/24 10.0.0.2 wlan1 0
2 A S 10.1.1.0/24 192.168.30.1 110
3 A S 41.134.110.0/28 192.168.30.1 110
4 A S 192.168.11.0/24 192.168.30.1 110
5 A S 192.168.13.0/24 192.168.30.1 110
6 A S 192.168.20.0/24 192.168.30.1 110
7 ADC 192.168.30.0/24 192.168.30.2 ether1 0
8 A S 192.168.45.0/24 192.168.30.1 110
9 A S 192.168.50.0/24 10.0.0.1 110
10 A S 192.168.88.0/24 10.0.0.1 110

firewall:

0 chain=srcnat action=masquerade

router 6:

B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 10.0.0.2 1
1 ADC 10.0.0.0/24 10.0.0.1 wlan1 0
2 A S 10.1.1.0/24 10.0.0.2 110
3 A S 41.134.110.0/28 10.0.0.2 110
4 A S 192.168.11.0/24 10.0.0.2 110
5 A S 192.168.13.0/24 10.0.0.2 110
6 A S 192.168.20.0/24 10.0.0.2 110
7 A S 192.168.30.0/24 10.0.0.2 110
8 A S 192.168.45.0/24 10.0.0.2 110
9 ADC 192.168.50.0/24 192.168.50.1 ether1 0
10 A S 192.168.88.0/24 192.168.50.2 110

firewall:

0 chain=srcnat action=masquerade

router 7: this was my main router but is now the las router that is onsite.

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 X S 0.0.0.0/0 41.134.110.2 1
1 X S 0.0.0.0/0 196.212.100.145 1
2 A S 0.0.0.0/0 192.168.50.1 1
3 A S 0.0.0.0/0 192.168.50.1 1
4 X S 0.0.0.0/0 196.212.100.145 2
5 X S 0.0.0.0/0 41.134.110.2 3
6 A S 10.0.0.0/24 192.168.50.1 110
7 A S 10.1.1.0/24 192.168.50.1 110
8 A S 41.134.110.0/28 192.168.50.1 110
9 A S 192.168.11.0/24 192.168.50.1 110
10 A S 192.168.13.0/24 192.168.50.1 110
11 A S 192.168.20.0/24 192.168.50.1 110
12 A S 192.168.30.0/24 192.168.50.1 110
13 A S 192.168.45.0/24 192.168.50.1 110
14 ADC 192.168.50.0/24 192.168.50.2 ether3-wirless 0
15 ADC 192.168.88.0/24 192.168.88.1 ether5-lan 0

firewall:

0 chain=srcnat action=masquerade

that last router router7 was my main router atleast untill they stole my dsl cables so now i had to get a new connection to my home and my ftp is on 192.168.88.2.

8

found my trouble and sortede it out thanx in anyway!