
problem in NAT like w2k3

Posted: Thu Nov 27, 2014 3:22 pm
by rodrigobad
Hi all, I have a RouterBoard and need an unusual NAT.
My RB WAN: 192.168.1.1, LAN: 192.168.0.1
My FTP server: 192.168.0.2
When someone tries to reach my FTP, I get a log with the IP of the user, something like this:
Image
In Windows 2003 + ISA Server I have this option:
Image
Selecting "Requests appear to come from ISA Server computer", in my FTP server I get 192.168.0.1:21, not the public IP of the client.
How do I do this in MikroTik?
Thanks all :)

Re: problem in NAT like w2k3

Posted: Thu Nov 27, 2014 7:09 pm
by jfvelamoscoso
Can you make a graphic of the topology showing how everything is connected, specifying the ports?

Re: problem in NAT like w2k3

Posted: Thu Nov 27, 2014 9:08 pm
by rodrigobad
Image
Info:
The modem can be in bridge mode, with the RouterBoard getting the public IP (problem persists).
Modem in router mode, DMZ on IP 192.168.1.1 (problem persists).
If I can't do this, I will be forced to get a w2k3 again :( :(

PS: I can get files from the FTP, but because of some judicial law, my clients' IPs can't be displayed in the log of the FTP server >.<" The log must register the IP of the RouterBoard... On Windows 2k3 Server this works :-?

Re: problem in NAT like w2k3

Posted: Fri Nov 28, 2014 4:12 pm
by jfvelamoscoso
OK, just disconnect your modem to test if it is working; it is not a matter of the modem.

On the RouterBoard just add this rule.

ip firewall nat add chain=srcnat action=src-nat dst-address=192.168.0.2 src-address=!192.168.0.2 to-addresses=192.168.0.1 out-interface=xxxx

This rule says that each packet that goes to 192.168.0.2 from an address different from 192.168.0.2 is NATed to 192.168.0.1 (the address of the RouterBoard). For the out-interface you have to type the one where your FTP server is connected (you didn't specify ports in your diagram).

Tell me if it works

Re: problem in NAT like w2k3

Posted: Fri Nov 28, 2014 6:32 pm
by rodrigobad
Doesn't work, the request comes with the client IP :S :? :? :?

Re: problem in NAT like w2k3

Posted: Fri Nov 28, 2014 6:47 pm
by jfvelamoscoso
Please check if the packets are passing through this rule; you can check it in WinBox.

Re: problem in NAT like w2k3

Posted: Mon Dec 01, 2014 12:49 pm
by rodrigobad
jfvelamoscoso, many thanks, man.
I put the wrong interface in my rule, now it works great!
FileZilla Server version 0.9.48 beta
Copyright 2001-2014 by Tim Kosse (tim.kosse@filezilla-project.org)
https://filezilla-project.org/
Connecting to server 127.0.0.1:14147...
Connected, waiting for authentication
Logged on
(000031)01/12/2014 08:47:19 - (not logged in) (192.168.2.254)> Connected on port 21, sending welcome message...
(000031)01/12/2014 08:47:22 - (not logged in) (192.168.2.254)> USER ******
(000031)01/12/2014 08:47:22 - (not logged in) (192.168.2.254)> 331 Password required for *******
(000031)01/12/2014 08:47:25 - (not logged in) (192.168.2.254)> PASS ******
(000031)01/12/2014 08:47:25 - ******* (192.168.2.254)> 230 Logged on
Man, many thanks again!
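
A check for the result shown in the log above, added here as an example and not part of the original posts: it parses FileZilla Server log lines in the format shown and lists any session whose logged peer address is not the address the src-nat rule should produce. The function names and the session 000032 lines (documentation address 203.0.113.7) are constructed for illustration; 192.168.2.254 is the address that appears in the posted log.

```python
import ipaddress
import re

# FileZilla Server 0.9.x session line, in the format shown in the post above:
# (000031)01/12/2014 08:47:19 - (not logged in) (192.168.2.254)> Connected ...
LINE_RE = re.compile(
    r"^\((?P<session>\d+)\)\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} - "
    r"(?P<user>.+?) \((?P<peer>[0-9A-Fa-f:.]+)\)> (?P<msg>.*)$"
)

# Session 000031 lines are from the post; session 000032 is constructed
# (203.0.113.7 is a documentation address) to show an untranslated client.
SAMPLE_LOG = """\
Connected, waiting for authentication
(000031)01/12/2014 08:47:19 - (not logged in) (192.168.2.254)> Connected on port 21, sending welcome message...
(000031)01/12/2014 08:47:25 - ******* (192.168.2.254)> 230 Logged on
(000032)01/12/2014 09:02:10 - (not logged in) (203.0.113.7)> Connected on port 21, sending welcome message...
(000032)01/12/2014 09:02:14 - (not logged in) (203.0.113.7)> USER ******
"""


def peers_by_session(lines):
    """Map session id -> set of peer addresses logged for that session."""
    sessions = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner and admin-interface lines carry no peer address
        try:
            peer = ipaddress.ip_address(m.group("peer"))
        except ValueError:
            continue  # parenthesised text that is not an IP address
        sessions.setdefault(m.group("session"), set()).add(peer)
    return sessions


def untranslated_sessions(lines, nat_address):
    """Return {session: [peers]} for sessions logged with an address other than nat_address."""
    nat = ipaddress.ip_address(nat_address)
    leaks = {}
    for sid, peers in peers_by_session(lines).items():
        other = sorted(str(p) for p in peers if p != nat)
        if other:
            leaks[sid] = other
    return leaks


if __name__ == "__main__":
    for sid, peers in untranslated_sessions(SAMPLE_LOG.splitlines(), "192.168.2.254").items():
        print(f"session {sid}: logged with {', '.join(peers)}, src-nat rule not matched")
```

An empty result means every logged session arrived with the translated address; any entry points to traffic that reached the server without matching the rule, for example through a different out-interface.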

Re: problem in NAT like w2k3

Posted: Mon Dec 01, 2014 4:13 pm
by jfvelamoscoso
Nice,

I am very happy that it works; feel free to contact me if you need any help in the future.