Community discussions

MikroTik App
 
phgachoud
just joined
Topic Author
Posts: 4
Joined: Thu Jul 18, 2019 9:33 pm

unable to access to an ftp server from my LAN through Mikrotik

Mon Jun 29, 2020 1:29 pm

I'm unable to login from the tower to an ftp server but with same command on laptop yes.

lftp -e 'set set ssl:verify-certificate false' -u "ftpUser,ftpPassword" -p 21 ec2-18-218-87-180.us-east-2.compute.amazonaws.com
Login failed: 530 Login authentication failed
With all firewall rules deactivated it doesn't work either :( why can that happen? even on passive mode it doesn't help either

My topology is following.
                                              FTP Server on amazon
                                                      |                              
                                                     WAN
                                                       |
                                             ISP Router (192.168.10.1)
                                  /                             \ 
TPLink_router (192.168.10.10)                   Mikrotik ETH_1 (192.168.10.21)
            /                                                           \
laptop  (192.168.1.102)                             Mikrotik ETH_2 (172.16.10.1)           Mikrotik ETH_3 (172.16.11.1)
                                                               \                                              \
                                                          Tower (172.16.10.160)               My FTP Server (172.16.11.50)
I found that if I disable the NAT rule which sends port 21 to my FTP server I'm able to contact the WAN FTP without problem. What I am missing here???!!
Screenshot_20200629_163741.png
You do not have the required permissions to view the files attached to this post.
Last edited by phgachoud on Mon Jun 29, 2020 11:40 pm, edited 9 times in total.
 
anav
Forum Guru
Forum Guru
Posts: 4659
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: unable to access to an ftp server from my LAN through Mikrotik

Mon Jun 29, 2020 10:36 pm

I am confused you have two routers attached to the ISP modem with the same LAN addresses??
Or are you saying they have two separate WANIP addresses (from the ISPs LAN structure)??

Because the TPLink is dumb router with fixed settings, the MT is a smart router than expects the human to make the necessary settings.
I think its because the MT sees the external WANIP request coming from the outside(tplink) and routes the traffic back as appropriate for dstnat.
Whereas the MT request to the WANIP is internal and will not work due to this diagram.
See diagram Number 3....................
https://help.mikrotik.com/docs/pages/vi ... Id=3211299

So you need to config hairpin NAT or loopback.
How check out this thread.....
viewtopic.php?f=2&t=162869&p=802503#p802503

In your case, you only need to add the masquerade rule in the above thread as the dst-address=fixedwanipofthemikrotik
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
phgachoud
just joined
Topic Author
Posts: 4
Joined: Thu Jul 18, 2019 9:33 pm

Re: unable to access to an ftp server from my LAN through Mikrotik

Mon Jun 29, 2020 11:21 pm

I am confused you have two routers attached to the ISP modem with the same LAN addresses??
Or are you saying they have two separate WANIP addresses (from the ISPs LAN structure)??

Because the TPLink is dumb router with fixed settings, the MT is a smart router than expects the human to make the necessary settings.
I think its because the MT sees the external WANIP request coming from the outside(tplink) and routes the traffic back as appropriate for dstnat.
Whereas the MT request to the WANIP is internal and will not work due to this diagram.
See diagram Number 3....................
https://help.mikrotik.com/docs/pages/vi ... Id=3211299

So you need to config hairpin NAT or loopback.
How check out this thread.....
viewtopic.php?f=2&t=162869&p=802503#p802503

In your case, you only need to add the masquerade rule in the above thread as the dst-address=fixedwanipofthemikrotik
I have one ISP router, with 2 ETH, ETH1 goes to TPLINK, ETH2 goes to Mikrotik's ETH_1

Many thx, I'll check the links, I'm new to mikrotik and advanced network configuration, so somebody else configured the router and I'm taking it afterwards. I don't know if you understood, I edited the question, but I cannot login to the ftp server in WAN through the Mikrotik. But I'll check out the links you pointed out and see if I can understand what I have to do and where. Feel free to tell me what information I'm missing to give, or details of the current configuration of the MT
 
anav
Forum Guru
Forum Guru
Posts: 4659
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: unable to access to an ftp server from my LAN through Mikrotik

Tue Jun 30, 2020 3:34 am

I think if you read the links you will get the idea.
Also feel free to post your config after any changes for comments etc.
/export hide-sensitive file=anynameyouwish
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: No registered users and 14 guests