I can't connect from my LAN to outside FTP or RDP services.
This is my schema:
INTERNET → CABLEMODEM → MIKROTIK → LINKSYS AP MODE → LAN PC
These are my firewall filter forward rules:
0 ;;; Allow Terminal Server only from work - IMPSAT
chain=forward src-address=200.X.X.X dst-address=192.168.1.2 protocol=tcp dst-port=3389 action=accept
1 ;;; Allow Terminal Server only from work - IPLAN
chain=forward src-address=200.X.X.X dst-address=192.168.1.2 protocol=tcp dst-port=3389 action=accept
2 ;;; Allow Terminal Server - dynamic rule
chain=forward src-address=200.X.X.X dst-address=192.168.1.2 protocol=tcp dst-port=3389 action=accept
3 ;;; Allow eMule connections - TCP
chain=forward src-address=0.0.0.0/0 dst-address=192.168.1.2 protocol=tcp dst-port=7415 action=accept
4 ;;; Allow eMule connections - UDP
chain=forward src-address=0.0.0.0/0 dst-address=192.168.1.2 protocol=udp dst-port=23198 action=accept
5 ;;; Deny incoming FTP
chain=forward src-address=200.X.X.X/16 protocol=tcp dst-port=20-21 action=drop
6 ;;; Allow incoming FTP
chain=forward src-address=0.0.0.0/0 dst-address=192.168.1.2 protocol=tcp dst-port=20-21 action=accept
7 ;;; Allow everything from 192.168.1.0/24
chain=forward in-interface=interna src-address=192.168.1.0/24 action=accept
8 ;;; Accept established connections
chain=forward connection-state=established action=accept
9 ;;; Accept related connections
chain=forward connection-state=related action=accept
10 ;;; Log the rest
chain=forward action=log log-prefix="resto-forward"
11 ;;; Deny the rest - Forward
chain=forward in-interface=externa dst-address=192.168.1.0/24 action=drop
What could the problem be?
Thanks a lot.
Looks like you are trying to forward in from public IPs to private IPs. You need NAT rules, not forward rules. You would also put the public IP in the DST nat for the forward in.
I forgot to put my NAT rules, sorry:
0 ;;; NAT for the LAN
chain=srcnat out-interface=externa src-address=192.168.1.0/24 action=masquerade
1 ;;; Allow eMule TCP port 7415
chain=dstnat in-interface=externa protocol=tcp dst-port=7415 action=dst-nat to-addresses=192.168.1.2 to-ports=7415
2 ;;; Allow eMule UDP port 23198
chain=dstnat in-interface=externa protocol=udp dst-port=23198 action=dst-nat to-addresses=192.168.1.2 to-ports=23198
3 X ;;; Allow Azureus TCP port - incoming data port
chain=dstnat protocol=tcp dst-port=63185 action=dst-nat to-addresses=192.168.1.2 to-ports=63185
4 X ;;; Allow Azureus UDP port - incoming data port
chain=dstnat protocol=udp dst-port=27581 action=dst-nat to-addresses=192.168.1.2 to-ports=27581
5 X ;;; Allow Azureus UDP port - tracker client port
chain=dstnat protocol=udp dst-port=27581 action=dst-nat to-addresses=192.168.1.2 to-ports=27581
6 ;;; Allow FTP
chain=dstnat protocol=tcp dst-port=21 action=dst-nat to-addresses=192.168.1.2 to-ports=21
7 ;;; Allow FTP
chain=dstnat protocol=tcp dst-port=20 action=dst-nat to-addresses=192.168.1.2 to-ports=20
8 ;;; Allow Terminal Server
chain=dstnat protocol=tcp dst-port=3389 action=dst-nat to-addresses=192.168.1.2 to-ports=3389
9 chain=dstnat action=log log-prefix="log-nat"
What am I doing wrong?
Thanks!
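Added example, not part of the original posts: a small Python model of the enabled dstnat rules listed above, showing that a rule with no in-interface matcher also matches connections leaving the LAN, and what changes when every rule is scoped to in-interface=externa. The client and remote addresses are constructed, and only first-match evaluation of the matchers that appear in the posted rules is modelled, not RouterOS itself.

```python
# Enabled dstnat rules as posted (disabled "X" rules and the log rule omitted).
MATCHERS = ("in_interface", "protocol", "dst_port")
TARGET = "192.168.1.2"  # to-addresses used by every posted rule
AS_POSTED = [
    {"id": 1, "in_interface": "externa", "protocol": "tcp", "dst_port": 7415},
    {"id": 2, "in_interface": "externa", "protocol": "udp", "dst_port": 23198},
    {"id": 6, "protocol": "tcp", "dst_port": 21},
    {"id": 7, "protocol": "tcp", "dst_port": 20},
    {"id": 8, "protocol": "tcp", "dst_port": 3389},
]

def scoped(rules, wan="externa"):
    """Copy of the table with every rule limited to packets arriving on the WAN side."""
    return [{**r, "in_interface": wan} for r in rules]

def dstnat(rules, pkt):
    """First match wins. Returns (rule id or None, (dst_ip, dst_port) after NAT)."""
    for r in rules:
        if all(pkt[k] == r[k] for k in MATCHERS if k in r):
            # to-ports equals dst-port in every posted rule
            return r["id"], (TARGET, r["dst_port"])
    return None, (pkt["dst_ip"], pkt["dst_port"])

def unscoped(rules):
    """Audit check: ids of rules that would also rewrite LAN-originated traffic."""
    return [r["id"] for r in rules if "in_interface" not in r]

# Constructed sample packets (documentation addresses, not taken from the thread).
LAN_FTP = {"in_interface": "interna", "protocol": "tcp",
           "dst_ip": "203.0.113.10", "dst_port": 21}
LAN_RDP = {"in_interface": "interna", "protocol": "tcp",
           "dst_ip": "203.0.113.20", "dst_port": 3389}
WAN_RDP = {"in_interface": "externa", "protocol": "tcp",
           "dst_ip": "198.51.100.5", "dst_port": 3389}

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("scoped", scoped(AS_POSTED))):
        print(name, "- rules without in-interface:", unscoped(table))
        for pkt in (LAN_FTP, LAN_RDP, WAN_RDP):
            print("  ", pkt["in_interface"], pkt["dst_ip"], pkt["dst_port"],
                  "->", dstnat(table, pkt))
```

In the posted table the scoped form corresponds to giving rules 6, 7 and 8 the same in-interface=externa matcher that rules 1 and 2 already carry.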
Please, can someone help me? Thanks in advance.
I have the same problem. In my case it has something to do with the MT version. The system was working OK with MT 2.9.xx; the problem started when upgrading to MT 3.7. Since then I cannot access any FTP site on the Internet from any PC in the local LAN.