
unable to access to an ftp server from my LAN through Mikrotik

Posted: Mon Jun 29, 2020 1:29 pm
by phgachoud
I'm unable to log in from the tower to an FTP server, but with the same command on the laptop I can.

lftp -e 'set set ssl:verify-certificate false' -u "ftpUser,ftpPassword" -p 21 ec2-18-218-87-180.us-east-2.compute.amazonaws.com
Login failed: 530 Login authentication failed
With all firewall rules deactivated it doesn't work either :( Why can that happen? Even passive mode doesn't help.

My topology is as follows.
                                              FTP Server on amazon
                                                      |                              
                                                     WAN
                                                       |
                                             ISP Router (192.168.10.1)
                                  /                             \ 
TPLink_router (192.168.10.10)                   Mikrotik ETH_1 (192.168.10.21)
            /                                                           \
laptop  (192.168.1.102)                             Mikrotik ETH_2 (172.16.10.1)           Mikrotik ETH_3 (172.16.11.1)
                                                               \                                              \
                                                          Tower (172.16.10.160)               My FTP Server (172.16.11.50)
I found that if I disable the NAT rule which sends port 21 to my FTP server, I'm able to contact the WAN FTP without problem. What am I missing here???!!

Re: unable to access to an ftp server from my LAN through Mikrotik

Posted: Mon Jun 29, 2020 10:36 pm
by anav
I am confused: you have two routers attached to the ISP modem with the same LAN addresses??
Or are you saying they have two separate WANIP addresses (from the ISP's LAN structure)??

Because the TPLink is a dumb router with fixed settings, the MT is a smart router that expects the human to make the necessary settings.
I think it's because the MT sees the external WANIP request coming from the outside (tplink) and routes the traffic back as appropriate for dstnat.
Whereas the MT request to the WANIP is internal and will not work due to this diagram.
See diagram number 3:
https://help.mikrotik.com/docs/pages/vi ... Id=3211299

So you need to configure hairpin NAT or loopback.
How? Check out this thread:
viewtopic.php?f=2&t=162869&p=802503#p802503

In your case, you only need to add the masquerade rule in the above thread as the dst-address=fixedwanipofthemikrotik

Re: unable to access to an ftp server from my LAN through Mikrotik

Posted: Mon Jun 29, 2020 11:21 pm
by phgachoud
I have one ISP router, with 2 ETH, ETH1 goes to TPLINK, ETH2 goes to Mikrotik's ETH_1

Many thx, I'll check the links. I'm new to mikrotik and advanced network configuration, so somebody else configured the router and I'm taking it afterwards. I don't know if you understood, I edited the question, but I cannot log in to the ftp server in WAN through the Mikrotik. But I'll check out the links you pointed out and see if I can understand what I have to do and where. Feel free to tell me what information I'm missing to give, or details of the current configuration of the MT.

Re: unable to access to an ftp server from my LAN through Mikrotik

Posted: Tue Jun 30, 2020 3:34 am
by anav
I think if you read the links you will get the idea.
Also feel free to post your config after any changes for comments etc.
/export hide-sensitive file=anynameyouwish
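
Added example (not from any poster in this thread, and not RouterOS code): a simplified Python model of dstnat matching, showing how the observation in the first post can arise if the port-21 forward matches only on protocol and destination port. The rule itself is not shown on the page, so its unscoped form is an assumption; `REMOTE_FTP` is a constructed placeholder address and the class and function names are hypothetical.

```python
"""Simplified model of dstnat rule matching (added example, not RouterOS code)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str

@dataclass(frozen=True)
class DstNatRule:
    dport: int
    to_address: str
    dst_address: Optional[str] = None   # None = match any destination
    in_iface: Optional[str] = None      # None = match any ingress interface

    def matches(self, p: Packet) -> bool:
        return (p.dport == self.dport
                and self.dst_address in (None, p.dst)
                and self.in_iface in (None, p.in_iface))

def apply_dstnat(rules, p: Packet) -> Packet:
    """The first matching rule rewrites the destination address."""
    for r in rules:
        if r.matches(p):
            return Packet(p.src, r.to_address, p.dport, p.in_iface)
    return p

# Addresses from the topology in the first post; REMOTE_FTP is a constructed
# placeholder standing in for the Amazon server.
REMOTE_FTP = "203.0.113.10"
TOWER, MY_FTP, MT_WAN = "172.16.10.160", "172.16.11.50", "192.168.10.21"

outbound = Packet(TOWER, REMOTE_FTP, 21, "ETH_2")        # Tower -> remote FTP
inbound = Packet("192.168.10.10", MT_WAN, 21, "ETH_1")   # hit on the port forward

unscoped = [DstNatRule(dport=21, to_address=MY_FTP)]     # assumed current rule
scoped = [DstNatRule(dport=21, to_address=MY_FTP, dst_address=MT_WAN)]

def final_destinations(rules):
    """Return (destination of outbound packet, destination of inbound packet)."""
    return apply_dstnat(rules, outbound).dst, apply_dstnat(rules, inbound).dst

if __name__ == "__main__":
    print("unscoped:", final_destinations(unscoped))
    print("scoped:  ", final_destinations(scoped))
```

Under the unscoped rule the Tower's connection ends up at 172.16.11.50 instead of the remote server, which would be consistent with a 530 reply to credentials meant for another host; scoping the rule to the Mikrotik's WAN address leaves outbound FTP untouched while the port forward keeps working.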