problem in NAT like w2k3

rodrigobad · November 27, 2014, 1:22pm

Hi all, i have an routerboard and need a unsual nat.
My rb wan : 192.168.1.1 Lan 192.168.0.1
my ftp server: 192.168.0.2
when someone try to reach my ftp, i get an log with the ip of user, something like this:

In windows 2003+isar server i have this option:

Selecting “Requests apper to come from ISA Server computer” im my ftp server i get 192.168.0.1:21 not the public ip of client.
How to do this in mk?
Thanks all

jfvelamoscoso · November 27, 2014, 5:09pm

Can you make some graphic of the topology how everething is connected specifing ports?

rodrigobad · November 27, 2014, 7:08pm

infos:
Modem can be in bridge mode, routerboard get public ip. (problem persists)
Modem on router mode dmz on ip 192.168.1.1 (problem persists)
if i cant do this, i will be forced to get an w2k3 again

ps: i can get files from ftp, but for some judicial law, my clients ip’s cant be displayed on log of ftp server >.<" the log must register the ip of routerboard… on windows 2k3 server this works

jfvelamoscoso · November 28, 2014, 2:12pm

OK, just disconect your modem to test if it is working, it is not matter of it.

On routerboard just add this rule.

ip firewall nat add chain=srcnat action=src-nat dst-address=192.168.0.2 src-address=!192.168.0.2 to-addresses=192.168.0.1 out-interface=xxxx.

This rule says that each packet that goes to 192.168.0.2 from an address diferent to 192.168.0.2 is nating to 192.168.0.1(Address of routerboard) the out interface you have to type where it is connected you ftp (you didn’t specific ports on your diagram).

Tell me if it works

rodrigobad · November 28, 2014, 4:32pm

dont works, the request comes with client ip :S

jfvelamoscoso · November 28, 2014, 4:47pm

Please check if the packets are passing through this rule you can check it at winbox

rodrigobad · December 1, 2014, 10:49am

jfvelamoscoso, very tkz man.
i put the wrong interface on my rule, now its works great!

FileZilla Server version 0.9.48 beta
Copyright 2001-2014 by Tim Kosse (tim.kosse@filezilla-project.org)
https://filezilla-project.org/
Connecting to server 127.0.0.1:14147...
Connected, waiting for authentication
Logged on
(000031)01/12/2014 08:47:19 - (not logged in) (192.168.2.254)> Connected on port 21, sending welcome message...
(000031)01/12/2014 08:47:22 - (not logged in) (192.168.2.254)> USER ******
(000031)01/12/2014 08:47:22 - (not logged in) (192.168.2.254)> 331 Password required for *******
(000031)01/12/2014 08:47:25 - (not logged in) (192.168.2.254)> PASS ******
(000031)01/12/2014 08:47:25 - ******* (192.168.2.254)> 230 Logged on

man, very tkz again!

jfvelamoscoso · December 1, 2014, 2:13pm

Nice,

I am very happy that it work, feel free to contact me if you need any help in the future