Guys, I’m trying to connect through FTP to my RB493AH but I can’t connect. Could someone help me?
Thanks
You are trying to connect to the router with an FTP client on a computer? Which one are you using?
Use the IP address of the interface, the user and password. It should connect somewhat like SSH or telnet.
Do you have any rules in “/ip firewall filter” that could block it?
No, I don't have any filter rules.
I just bridge ether2 to ether9 but my gateway is 10.10.10.254 and I can't connect to FTP.
I had a problem where I could not connect to several MK units by FTP for an upgrade. It turned out the services were simply disabled; enabling them solved that. For example, this 493 has the following disabled:
[XXXXX@XXXXXXX] /ip service> print
Flags: X - disabled, I - invalid
0 X telnet 23 0.0.0.0/0
1 X ftp 21 0.0.0.0/0
2 X www 80 0.0.0.0/0
3 X ssh 22 0.0.0.0/0
4 X www-ssl 443 0.0.0.0/0 none
5 X api 8728 0.0.0.0/0
6 winbox 8291 0.0.0.0/0
This leads me to another question: will disabled services cause the DUDE to time out when it attempts to check these services?
I use the config below and the firewall is blocking FTP and SSH, so I reset the config of my router and created a new one, and it works, but without firewall rules.
/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=tcp action=accept comment="TCP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input in-interface=ether2 src-address=10.10.0.0/24 comment="From our LAN" action=accept
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
I bridge ether2 - ether9.
Please help me create a firewall config that will protect my network but enable FTP and SSH on my router.
Thanks
That firewall ruleset will accept all traffic, which makes it useless.
Remove the lines that permit all UDP and TCP and replace them with lines for the specific destination ports. SSH uses TCP/22, so that would be
add chain=input protocol=tcp dst-port=22 action=accept
Usually people add src-address=x.x.x.x as well to specific management networks that can access SSH instead of permitting that to the whole world. Look up other protocols’ ports and write equivalent rules.
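
Added example, not part of the thread: a small Python model of first-match evaluation on the input chain, showing which rule decides a new TCP connection in the posted ruleset and after the two accept-all lines are replaced by port-specific rules. The 10.10.0.0/24 management source, the FTP rule on port 21, the helper names and the sample packets are assumptions; only the matchers used in the thread are modelled.

```python
import ipaddress
import shlex

# The input chain as posted in the thread (comments omitted).
POSTED = """\
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept
add chain=input protocol=tcp action=accept
add chain=input protocol=icmp limit=50/5s,2
add chain=input protocol=icmp action=drop
add chain=input in-interface=ether2 src-address=10.10.0.0/24 action=accept
add chain=input action=log log-prefix="DROP INPUT"
add chain=input action=drop
"""
# Assumption: management stations live in the 10.10.0.0/24 LAN from the post.
SPECIFIC = """\
add chain=input protocol=tcp dst-port=22 src-address=10.10.0.0/24 action=accept
add chain=input protocol=tcp dst-port=21 src-address=10.10.0.0/24 action=accept
"""
FIXED = POSTED.replace("add chain=input protocol=udp action=accept\n"
                       "add chain=input protocol=tcp action=accept\n", SPECIFIC)

def parse(text):
    """Turn 'add key=value ...' lines into dicts; a missing action means accept."""
    rules = [dict(t.split("=", 1) for t in shlex.split(l)[1:]) for l in text.splitlines()]
    return [{"action": "accept", **r} for r in rules]

def matches(rule, pkt):
    """Check only the matchers used in this thread; 'limit' is treated as not exceeded."""
    keys = {"connection-state": "state", "protocol": "proto",
            "dst-port": "dport", "in-interface": "iface"}
    if any(k in rule and rule[k] != str(pkt.get(f)) for k, f in keys.items()):
        return False
    net = rule.get("src-address")
    return net is None or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(net)

def verdict(text, pkt):
    """First matching accept/drop rule wins; 'log' does not end evaluation."""
    for n, rule in enumerate(parse(text)):
        if rule["action"] != "log" and matches(rule, pkt):
            return rule["action"], n
    return "accept", None  # RouterOS accepts when no rule matches

def new_tcp(src, dport, iface="ether1"):
    """Constructed sample packet: a new TCP connection to the router."""
    return {"state": "new", "proto": "tcp", "src": src, "dport": dport, "iface": iface}
```

Packets belonging to sessions that were already accepted match the first two rules, which is why only new connections are modelled here.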