Community discussions

MUM Europe 2020
 
rodrigobad
just joined
Topic Author
Posts: 4
Joined: Thu Nov 27, 2014 3:13 pm

problem in NAT like w2k3

Thu Nov 27, 2014 3:22 pm

Hi all, i have an routerboard and need a unsual nat.
My rb wan : 192.168.1.1 Lan 192.168.0.1
my ftp server: 192.168.0.2
when someone try to reach my ftp, i get an log with the ip of user, something like this:
Image
In windows 2003+isar server i have this option:
Image
Selecting "Requests apper to come from ISA Server computer" im my ftp server i get 192.168.0.1:21 not the public ip of client.
How to do this in mk?
Thanks all :)
 
jfvelamoscoso
Trainer
Trainer
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: problem in NAT like w2k3

Thu Nov 27, 2014 7:09 pm

Can you make some graphic of the topology how everething is connected specifing ports?
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
rodrigobad
just joined
Topic Author
Posts: 4
Joined: Thu Nov 27, 2014 3:13 pm

Re: problem in NAT like w2k3

Thu Nov 27, 2014 9:08 pm

Image
infos:
Modem can be in bridge mode, routerboard get public ip. (problem persists)
Modem on router mode dmz on ip 192.168.1.1 (problem persists)
if i cant do this, i will be forced to get an w2k3 again :( :(

ps: i can get files from ftp, but for some judicial law, my clients ip's cant be displayed on log of ftp server >.<" the log must register the ip of routerboard... on windows 2k3 server this works :-?
 
jfvelamoscoso
Trainer
Trainer
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: problem in NAT like w2k3

Fri Nov 28, 2014 4:12 pm

OK, just disconect your modem to test if it is working, it is not matter of it.

On routerboard just add this rule.

ip firewall nat add chain=srcnat action=src-nat dst-address=192.168.0.2 src-address=!192.168.0.2 to-addresses=192.168.0.1 out-interface=xxxx.

This rule says that each packet that goes to 192.168.0.2 from an address diferent to 192.168.0.2 is nating to 192.168.0.1(Address of routerboard) the out interface you have to type where it is connected you ftp (you didn't specific ports on your diagram).

Tell me if it works
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
rodrigobad
just joined
Topic Author
Posts: 4
Joined: Thu Nov 27, 2014 3:13 pm

Re: problem in NAT like w2k3

Fri Nov 28, 2014 6:32 pm

dont works, the request comes with client ip :S :? :? :?
 
jfvelamoscoso
Trainer
Trainer
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: problem in NAT like w2k3

Fri Nov 28, 2014 6:47 pm

Please check if the packets are passing through this rule you can check it at winbox
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
rodrigobad
just joined
Topic Author
Posts: 4
Joined: Thu Nov 27, 2014 3:13 pm

Re: problem in NAT like w2k3

Mon Dec 01, 2014 12:49 pm

jfvelamoscoso, very tkz man.
i put the wrong interface on my rule, now its works great!
FileZilla Server version 0.9.48 beta
Copyright 2001-2014 by Tim Kosse (tim.kosse@filezilla-project.org)
https://filezilla-project.org/
Connecting to server 127.0.0.1:14147...
Connected, waiting for authentication
Logged on
(000031)01/12/2014 08:47:19 - (not logged in) (192.168.2.254)> Connected on port 21, sending welcome message...
(000031)01/12/2014 08:47:22 - (not logged in) (192.168.2.254)> USER ******
(000031)01/12/2014 08:47:22 - (not logged in) (192.168.2.254)> 331 Password required for *******
(000031)01/12/2014 08:47:25 - (not logged in) (192.168.2.254)> PASS ******
(000031)01/12/2014 08:47:25 - ******* (192.168.2.254)> 230 Logged on
man, very tkz again!
 
jfvelamoscoso
Trainer
Trainer
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: problem in NAT like w2k3

Mon Dec 01, 2014 4:13 pm

Nice,

I am very happy that it work, feel free to contact me if you need any help in the future
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma

Who is online

Users browsing this forum: Calvinfuete, dmitris, mccowboy and 65 guests