How to move files to a different folder within the router in a script

Hi everyone,
I have to move a file from one folder to another within the router itself. It is easy to do it by “drag and drop” in WinBox, but for some reason I have to do it in a script. The only way I can think of is to use “fetch” to copy the file. But I got stuck here.

Let’s say I have two directories in the router, A and B, and there is a file “test.txt” under A. I want to copy it to folder B.

[brg3466@MikroTik] > /tool fetch mode=ftp address="router IP address" src-path=/A/test.txt dst-path=/B user=userID password=pwd
  status: failed
failure: connection timeout

I found if I disable the filter rule below in the firewall, the fetch works.

[brg3466@MikroTik] > ip firewall filter pr
Flags: X - disabled, I - invalid, D - dynamic 
  5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

Can anyone explain to me why this input drop rule blocks the FTP and how to solve it?

Thanks!

The firewall rule !LAN also excludes the CPU and also causes issues with the DUDE. It’s not as simple as WAN = !LAN, but in the simple firewall rule it’s better as:

chain=input action=drop in-interface-list=WAN log=no log-prefix=""

Provided you have your external interfaces included in the WAN interface list.

When doing a fetch via FTP without specifying the “server’s” address, I assume the command connects to the internal FTP server over some loopback interface, which is not shown by ROS, BTW. As that interface is not a member of the LAN interface list, this rule kicks in.

Alas, I don’t have any idea how to fix this problem … other than following what @jebz wrote: rewrite the offending rule, possibly into a few rules, avoiding using the “!” (not) operand … so you’ll have explicitly written the rest of interface lists (e.g. WAN) and if you don’t have another general drop rule in the list, your (implicit) FTP connection should then succeed.
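
The effect described in the two replies above, as an added example that is not part of the original thread and is not RouterOS code: a simplified Python model of first-match evaluation on the input chain, comparing the defconf `!LAN` drop rule with the rewritten `WAN` drop rule. The interface names, list membership and the `internal-loopback` placeholder are constructed, and the idea that router-to-itself traffic arrives on an unlisted internal interface is the assumption stated in the thread.

```python
# Simplified model of first-match filtering on the input chain.
# Not RouterOS code; interface names and list membership are constructed.

INTERFACE_LISTS = {
    "LAN": {"bridge"},
    "WAN": {"ether1"},
}

def matches(rule, in_interface):
    """Return True if the rule's in-interface-list matcher hits this packet."""
    spec = rule["in-interface-list"]
    negated = spec.startswith("!")
    members = INTERFACE_LISTS[spec.lstrip("!")]
    hit = in_interface in members
    return not hit if negated else hit

def input_verdict(rules, in_interface):
    """First matching rule decides; no match falls through to accept."""
    for rule in rules:
        if matches(rule, in_interface):
            return rule["action"]
    return "accept"  # assumes no other general drop rule follows

DEFCONF = [{"action": "drop", "in-interface-list": "!LAN"}]
REWRITTEN = [{"action": "drop", "in-interface-list": "WAN"}]

# Assumption from the thread: a router-to-itself FTP connection arrives on an
# internal interface that belongs to no interface list (placeholder name).
INTERNAL = "internal-loopback"

def compare(in_interface):
    """Verdicts as (defconf rule, rewritten rule) for one input interface."""
    return (input_verdict(DEFCONF, in_interface),
            input_verdict(REWRITTEN, in_interface))

if __name__ == "__main__":
    for iface in ("bridge", "ether1", INTERNAL):
        print(iface, compare(iface))
```

In this model any interface that is in neither list is dropped by the `!LAN` rule but accepted by the `WAN` rule, which is why the rewritten rule is only safe when every external interface is a member of the WAN list.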

@jebz, @mkx, thank you both for the explanation and help! I will try the workaround suggested by jebz.

On another note, I did try to create a loopback interface (IP: 1.1.1.1/32) and add it to the LAN address-list, so the LAN address-list includes the bridge (ether2-ether5) and the loopback, and I created a user called “self” and gave it full access, but it doesn’t work either.

[brg3466@MikroTik] > /user pr
Flags: X - disabled 
 #   NAME      GROUP          ADDRESS            LAST-LOGGED-IN      
 3   ;;; Loopback user
      self        full    1.1.1.1/32              nov/08/2020 17:02:59

See below:

[brg3466@MikroTik] > /tool fetch mode=ftp user=self password=123456 address=1.1.1.1 src-path=test.txt dst-path=/B keep-result=yes
  status: failed

failure: connection timeout